CVE-2014-5501

EUVD-2014-5388
Stack-based buffer overflow in the diagnose service in the Sophos Cyberoam appliances with CyberoamOS before 10.6.1 GA allows remote attackers to execute arbitrary code via a crafted webpage or file.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
9.3 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:N/C:C/I:C/A:C
Base Score
CVSS 3.x
EPSS Score
Percentile: 91%
Affected Products (NVD)
VendorProductVersion
cyberoamcyberoam_os
𝑥
≤ 10.4
cyberoamcyberoam_os
𝑥
≤ 10.6.1
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://kb.cyberoam.com/default.asp?id=3049
http://www.zerodayinitiative.com/advisories/ZDI-14-334/
http://kb.cyberoam.com/default.asp?id=3049
http://www.zerodayinitiative.com/advisories/ZDI-14-334/