Specialists from vpnMentor reported two vulnerabilities in devices made by Cyberoam Technologies, which serve 65,000 users in 120 countries, including industrial enterprises, financial and trading organizations, educational and healthcare institutions, and others.
The vulnerabilities affect FirewallOS on the Cyberoam SSL VPN firewall, which acts as a gateway blocking unauthorized access to the network. The researchers found that the vulnerabilities stem from the way e-mail is “quarantined” on Cyberoam devices. They can be exploited either individually or together by sending a malicious request, allowing a remote unauthorized attacker to execute arbitrary commands.
“Both unrelated problems can provide hackers with access to Cyberoam devices and, as a result, make it easier for them to use any device that is protected by a firewall,” the researchers said.
Sophos, which owns Cyberoam Technologies, has released emergency patches for the vulnerabilities. On February 24-26 this year, Sophos sent automatic updates to all relevant versions of Cyberoam firewalls. The fix will also be included in the next version of Cyberoam, which is already being prepared for release.
According to the Shodan search engine, at least 86,000 vulnerable Cyberoam installations are currently reachable from the Internet. However, the true number may be far higher, since devices protected by the firewall are not indexed by the search engine, or are not connected to the Internet around the clock.