National CSIRT-CY | National Computer Security Incident Response Team of Cyprus

The National Computer Security Incident Response Team works to raise the level of cyber security by strengthening the protection of the cyberspace of the National Critical Information Infrastructures, the banks and the communications providers of the Republic of Cyprus.

Sophos fixes SQL injection vulnerability in their Cyberoam OS

11 December 2020

Sophos has deployed a hotfix for their line of Cyberoam firewalls and routers to fix a SQL injection vulnerability. Sophos purchased firewall and router maker Cyberoam Technologies in 2014 and has been offering free upgrades to their XG Firewall OS since 2019.

Today, Sophos disclosed that it had fixed a pre-authentication SQL injection vulnerability in the Cyberoam operating system (CROS) that could be used to remotely add accounts to a CROS device.

“A pre-authentication SQL injection vulnerability was recently discovered and fixed on Cyberoam operating system (CROS) devices. This type of vulnerability could allow SQL statements to be executed remotely, but only if the administration interface (HTTPS admin service) was exposed on the WAN zone,” the Sophos advisory explains.

Sophos said that they are currently investigating whether threat actors have exploited this vulnerability.

“A small subset of Cyberoam devices were affected by a pre-authentication SQL injection vulnerability and we quickly deployed a hotfix to these devices. No further action is required. More information is available at the Community Page and KBA.”

“We’ve been phasing out Cyberoam devices since early 2019, and recommend users update to XG Firewall. An easy upgrade path is available that allows Cyberoam users to upgrade their software free of charge,” Sophos said in a statement.

This vulnerability does not impact Sophos XG Firewall and SG UTM devices.

Sophos has already deployed a hotfix for this vulnerability on all supported versions of CROS, and affected devices should be updated immediately to the latest version. CROS devices with "Allow Over-the-air Hotfix" enabled receive the hotfix automatically; devices with that option disabled, or running a version that is no longer supported, must be checked and updated manually.

To check if the hotfix is installed, customers can enter the following command from the CROS console:

cyberoam diagnostics show version-info

Admins should compare the version information in the output with the table below, matching both the CROS version and the hardware model. If the hotfix version shown in the console is equal to or greater than the number listed in the table for that combination, the hotfix has been installed; if it is lower, the device is still unpatched.

CROS Version    Hardware Model    Hotfix Version
10.6.6 MR6      All               3
10.6.6 MR5      All               12
10.6.6 MR4      All               13
10.6.6 MR3      All               16
10.6.6 MR2      All               16
10.6.6 MR1      All               16
10.6.6 GA       CR10/15           19
10.6.6 GA       All other         20
10.6.5 MR1      CR10/15           17
10.6.5 MR1      All other         18
10.6.5 GA       All               18
10.6.4 MR1      CR10/15           20
10.6.4 MR1      All other         21
10.6.4 GA       CR10/15           19
10.6.4 GA       All other         20
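The version check above is easy to get wrong by hand when a fleet mixes CR10/CR15 appliances with other models, because the same CROS version can need a different hotfix number per hardware class. The following script is an added example (not Sophos or Cyberoam code) that encodes the table from this page and evaluates captured console output offline. The key/value layout of the `cyberoam diagnostics show version-info` output is an assumption made for illustration, as is treating a bare "10.6.6" with no MR suffix as the GA release; adapt the regular expressions in parse_version_info() to what your appliance actually prints.

```python
"""Offline check of CROS console version output against the Sophos hotfix table.

Added example, not Sophos/Cyberoam code. The key/value console layout parsed
below is an ASSUMPTION; the hotfix numbers are transcribed from the advisory.
"""
import re

# Minimum hotfix number per (CROS version, hardware class). Rows marked "All"
# apply to every model; the other versions have a "CR10/15" row and an
# "All other" row.
HOTFIX_TABLE = {
    ("10.6.6 MR6", "All"): 3,
    ("10.6.6 MR5", "All"): 12,
    ("10.6.6 MR4", "All"): 13,
    ("10.6.6 MR3", "All"): 16,
    ("10.6.6 MR2", "All"): 16,
    ("10.6.6 MR1", "All"): 16,
    ("10.6.6 GA", "CR10/15"): 19,
    ("10.6.6 GA", "All other"): 20,
    ("10.6.5 MR1", "CR10/15"): 17,
    ("10.6.5 MR1", "All other"): 18,
    ("10.6.5 GA", "All"): 18,
    ("10.6.4 MR1", "CR10/15"): 20,
    ("10.6.4 MR1", "All other"): 21,
    ("10.6.4 GA", "CR10/15"): 19,
    ("10.6.4 GA", "All other"): 20,
}

# Assumed "Field : value" console layout; "Hotfix Version" must not be
# mistaken for the firmware "Version" line, hence the anchored patterns.
_FIELD_RES = {
    "version": re.compile(r"^\s*(?:CROS\s+)?Version\s*[:=]\s*(\S.*?)\s*$", re.I | re.M),
    "hotfix": re.compile(r"^\s*Hotfix\s*Version\s*[:=]\s*(\d+)", re.I | re.M),
    "model": re.compile(r"^\s*(?:Hardware\s+|Appliance\s+)?Model\s*[:=]\s*(\S.*?)\s*$", re.I | re.M),
}


def parse_version_info(text):
    """Pull version, model and hotfix number out of the console output."""
    info = {}
    for key, rx in _FIELD_RES.items():
        m = rx.search(text)
        info[key] = m.group(1) if m else None
    if info["hotfix"] is not None:
        info["hotfix"] = int(info["hotfix"])
    return info


def normalize_version(raw):
    """Canonicalise '10.6.6 MR-6', '10.6.6MR6' or '10.6.6 GA' to the table's spelling.
    A bare '10.6.6' with no MR suffix is treated as GA (assumption)."""
    m = re.match(r"\s*(\d+\.\d+\.\d+)\s*(?:MR[\s-]*(\d+)|(GA))?", raw, re.I)
    if not m:
        raise ValueError(f"unrecognised CROS version string: {raw!r}")
    base, mr, _ga = m.groups()
    return f"{base} MR{int(mr)}" if mr else f"{base} GA"


def hardware_class(model):
    """CR10 and CR15 appliances (e.g. CR10iNG, CR15wiNG) have their own rows.
    Assumes the model string starts with the series number; CR100 does not match."""
    return "CR10/15" if re.match(r"\s*CR1[05](?!\d)", model, re.I) else "All other"


def required_hotfix(version, model):
    """Minimum hotfix number for this version/model, or None if not in the table."""
    ver = normalize_version(version)
    for cls in ("All", hardware_class(model)):
        if (ver, cls) in HOTFIX_TABLE:
            return HOTFIX_TABLE[(ver, cls)]
    return None


def check(console_output):
    """Return a verdict dict: installed True/False, or None when undecidable."""
    info = parse_version_info(console_output)
    if info["version"] is None or info["hotfix"] is None:
        return {"installed": None, "reason": "could not parse version or hotfix number", **info}
    need = required_hotfix(info["version"], info["model"] or "")
    if need is None:
        return {"installed": None, "reason": "CROS version not in hotfix table (unsupported?)", **info}
    return {"installed": info["hotfix"] >= need, "required": need, **info}


# Constructed sample outputs (layout assumed, values chosen to exercise the table).
SAMPLE_PATCHED = "Version        : 10.6.6 MR-6\nHardware Model : CR25iNG\nHotfix Version : 3\n"
SAMPLE_UNPATCHED = "Version        : 10.6.6 GA\nHardware Model : CR25iNG\nHotfix Version : 19\n"
SAMPLE_CR15 = "Version        : 10.6.6 GA\nHardware Model : CR15iNG\nHotfix Version : 19\n"

if __name__ == "__main__":
    for name, sample in (("patched", SAMPLE_PATCHED), ("unpatched", SAMPLE_UNPATCHED), ("cr15", SAMPLE_CR15)):
        print(name, check(sample))
```

Note that hotfix 19 is sufficient for a CR15 on 10.6.6 GA but not for any other model on the same release, which is exactly the case a manual comparison tends to miss; the script also refuses to give a verdict for versions absent from the table rather than guessing, since those releases are outside the supported set the hotfix was pushed to.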

Because the flaw is reachable only when the HTTPS admin service is exposed on the WAN zone, Sophos also advises administrators to disable WAN access to the web admin and SSH interfaces, and to check the devices for suspicious user accounts that may have been added before the hotfix was applied.

Cyberoam owners can learn how to migrate to the XG Firewall software using this migration guide.

The information contained in this website is for general information purposes only. The information is gathered from BLEEPING COMPUTER, while we endeavour to keep the information up to date and correct, we make no representations or warranties of any kind, express or implied, about the completeness, accuracy, reliability, suitability or availability with respect to the website or the information, products, services, or related graphics contained on the website for any purpose. Any reliance you place on such information is therefore strictly at your own risk.  Through this website, you are able to link to other websites which are not under the control of CSIRT-CY. We have no control over the nature, content and availability of those sites. The inclusion of any links does not necessarily imply a recommendation or endorse the views expressed within them. Every effort is made to keep the website up and running smoothly. However, CSIRT-CY takes no responsibility for, and will not be liable for, the website being temporarily unavailable due to technical issues beyond our control.
