A flaw in Cyberoam firewalls exposed corporate networks to hackers


Sophos announced it is fixing a vulnerability in its Cyberoam firewall devices.

The Consequences

According to a security researcher, the vulnerability can allow an attacker to gain access to a company's internal network without needing a password.

The vulnerability lets an attacker remotely gain root permissions on a vulnerable device, the highest level of access, by sending malicious commands over the internet.

The attack takes advantage of the web-based operating system that sits on top of the Cyberoam firewall.

Once a vulnerable device is compromised, an attacker can move from it onto the company's network.

Cyberoam devices are typically used in large enterprises, sitting at the edge of a network and serving as a gateway that lets employees in while keeping hackers out.

These devices filter out bad traffic and block denial-of-service attacks and other network-based attacks.

They also provide virtual private networking (VPN), allowing remote workers to log on to their company's network when they are not in the office.

The vulnerability is similar to recently disclosed flaws in corporate VPN products, notably those from Palo Alto Networks, Pulse Secure, and Fortinet.

Those flaws likewise allowed attackers to gain access to a corporate network without needing a user's password.

The After Effects

Many big tech companies, including Twitter and Uber, were affected by the vulnerable technology, prompting Homeland Security to publish a report warning of the risks.

Sophos, which acquired Cyberoam in 2014, published a short advisory this week stating that it rolled out fixes on September 30.

The researcher, who requested to remain unnamed, said an attacker would need the IP address of a vulnerable device.

Finding vulnerable devices was easy, they said, using search engines like Shodan, which lists around 96,000 devices exposed to the internet.

Other search engines put the number far higher.

A Sophos spokesperson disputed the number of affected devices but did not give a more precise figure.

Sophos rolled out an automated hotfix to all supported versions in September, and 99% of devices have now been patched automatically.

Customers who are still affected can update their devices manually, the spokesperson said.

Sophos said the fix would also be included in the next update of its CyberoamOS operating system, though the spokesperson did not say when that software would be released.

The researcher said they expect to release proof-of-concept code in the coming months.
