Warning: Detecting a very serious vulnerability in Cyberoam, a common firewall system in Vietnam
VSEC is broadcasting a warning about an extremely dangerous vulnerability with the code name CVE-2019-17059 on Cyberoam. According to experts, this gap is dangerous at 9/10 - almost the highest in the rating scale, which can greatly affect many Vietnamese businesses. This vulnerability was discovered on the version of CyberoamOS before 10.6.6 MR-6.
- Warning: Jenkins exists a serious security hole that helps hackers gain control of computers of many Vietnamese businesses
Cyberoam is a firewall protecting website based on user authentication, supporting real-time protection of organizations and businesses against attacks and cyber security threats.
Currently, more than 96,000 devices in the world use Cyberoam publicly. In Vietnam, Cyberoam devices are also used by many companies and banks for their security solutions.
To exploit this vulnerability, hackers will access and send packets containing exploit code to the web admin interface or SSL VPN Consoles (SSL VPN Consoles) to hijack the device. If successful, the bad guy can remotely execute unauthorized commands without providing a username and password.
The danger is that the bad guy will gain the highest level of access to allow any action on the victim's Cyberoam device, such as a deeper attack on the system, tracking all message data, turning off functions. protection, install backdoors into the intranet .
As recommended by VSEC, Vietnamese organizations and businesses using Cyberoam should immediately implement the following measures to ensure safety.
- Cyberoam needs to be updated immediately to the latest version.
- When transmitting data, it is necessary to use encryption methods, including in internal networks.
- Improve user awareness of information security.
- In addition to firewall devices, it is necessary to simultaneously conduct security testing, evaluation and vulnerability scanning on open systems, applying world security standards such as OWASP, ISO 27008.
You should read it
- Detect 2 serious security holes in the Zoom application
- AMD patched a series of security holes in the graphics driver for Windows 10
- Internet Explorer has vulnerabilities, unused users are still hacked
- Detecting a series of vulnerabilities can help hackers disable metal detectors at airports
- Top 30 serious security holes are being exploited by hackers the most
- Take a look at the most significant threats from the security world in 2019
- Warning of dangerous vulnerabilities on WinRAR, users should uninstall or upgrade to a new version
- Microsoft silently updated Windows 10 to patch 2 serious security holes
- Detecting security holes that cause a series of D-Link VPN routers to be remotely attacked
- 10 interesting facts about black holes in the universe (Part 1)
- New security vulnerabilities on iOS 12.1 allow access to contacts and phone calls
- Microsoft introduced a tool to fix security holes in IE 9 and 10