Sophos Cyberoam firewall vulnerability declared, business impact Special

Posted Oct 20, 2019 by Tim Sandle
A vulnerability in Sophos Cyberoam firewall appliances has been disclosed; Sophos resolved it with an automatic hotfix at the end of September. Although the flaw itself has been addressed, its implications still require businesses to take action.
A security researcher recently discovered a vulnerability in Sophos’s Cyberoam firewall appliances that allowed an attacker to gain access to a company’s internal network without supplying a password.
By exploiting it, an attacker can remotely obtain “root” permissions on a vulnerable device, the highest level of access available, and from there send malicious commands to the appliance across the Internet.
All Sophos Cyberoam Firewall deployments running CyberoamOS (CROS) version 10.6.6 MR-5 and earlier were affected. According to Rob Mardisalu, who identified the vulnerability: “The vulnerability allows hackers to access a Cyberoam device without entering usernames or passwords, and also grants root access, giving the attacker full control of the device.”
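The only concrete indicator the article gives is the version range, “10.6.6 MR-5 and earlier”, and because the fix arrived as an automatic hotfix, the version string alone does not prove a device is patched. The following is an added example, not code from Sophos or from the article, that turns that range into an inventory triage: it parses CROS version strings of the form “10.6.6 MR-5” (treating the MR number as a fourth, least-significant component and a missing MR suffix as MR-0, both assumptions made here), flags devices in the affected range, and separates those where hotfix status is unknown so they can be checked by hand. The inventory, hostnames and hotfix flags are constructed sample data.

```python
import re
from typing import Dict, Iterable, Optional, Tuple

# Highest CROS release the article lists as affected ("10.6.6 MR-5 and earlier").
LAST_AFFECTED = "10.6.6 MR-5"

# Assumed format: "MAJOR.MINOR.PATCH" optionally followed by " MR-N".
_VERSION_RE = re.compile(r"^\s*(\d+)\.(\d+)\.(\d+)(?:\s*MR-?(\d+))?\s*$", re.IGNORECASE)


def parse_cros_version(text: str) -> Tuple[int, int, int, int]:
    """Parse '10.6.6 MR-5' or '10.6.5' into a comparable (major, minor, patch, mr) tuple.

    Assumption: a release with no MR suffix sorts before MR-1 of the same base version.
    Raises ValueError for strings that do not match the expected format.
    """
    m = _VERSION_RE.match(text)
    if not m:
        raise ValueError(f"unrecognised CROS version string: {text!r}")
    major, minor, patch, mr = m.groups()
    return (int(major), int(minor), int(patch), int(mr) if mr else 0)


def is_affected(version: str) -> bool:
    """True if the version falls inside the range the article reports as vulnerable."""
    return parse_cros_version(version) <= parse_cros_version(LAST_AFFECTED)


def triage(inventory: Iterable[Tuple[str, str, Optional[bool]]]) -> Dict[str, str]:
    """Classify each (hostname, version, hotfix_applied) record.

    hotfix_applied is True/False when the operator has confirmed the hotfix state,
    or None when it has not been checked. Returns hostname -> status, where status is
    'not-affected', 'hotfix-applied', 'affected', 'verify-hotfix' or 'unknown-version'.
    """
    results: Dict[str, str] = {}
    for host, version, hotfix_applied in inventory:
        try:
            vulnerable_range = is_affected(version)
        except ValueError:
            results[host] = "unknown-version"  # cannot decide: inspect the device
            continue
        if not vulnerable_range:
            results[host] = "not-affected"
        elif hotfix_applied is True:
            results[host] = "hotfix-applied"
        elif hotfix_applied is False:
            results[host] = "affected"  # in range and hotfix confirmed missing
        else:
            results[host] = "verify-hotfix"  # in range; hotfix state never confirmed
    return results


# Constructed sample inventory (hostnames, versions and hotfix flags are made up).
SAMPLE_INVENTORY = [
    ("fw-hq-01", "10.6.6 MR-5", None),
    ("fw-branch-02", "10.6.5 MR-2", False),
    ("fw-lab-03", "10.6.6 MR-6", None),
    ("fw-old-04", "10.6.4", True),
    ("fw-bad-05", "n/a", None),
]

if __name__ == "__main__":
    for host, status in triage(SAMPLE_INVENTORY).items():
        print(f"{host:14} {status}")
```

Anything reported as verify-hotfix or affected should be checked on the appliance itself; a device that is reachable from the Internet and still in the affected range without a confirmed hotfix is the case the article warns about.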
The attack targets the web-based operating system that sits on top of the Cyberoam firewall. Once a vulnerable device has been compromised, an attacker can pivot from it onto the company’s internal network.
According to TechCrunch, Cyberoam devices are typically used in large enterprises, sitting on the edge of a network and acting as a gateway that lets employees in while keeping attackers out.
Discussing the issue with Digital Journal, Ben Goodman, CISSP and SVP of global business and corporate development at ForgeRock, notes: “This Sophos vulnerability highlights the cold truth that just because a device is on your ‘safe’ corporate network, that does not make it secure—this is why zero trust approaches to enterprise security are increasing in popularity.”
Goodman explains further: “Threat actors are able to leverage these gaps to move laterally throughout a corporate network and either access business critical apps, customer data, IP and more.”
This means that enterprises need to put in place stronger defences: “It is imperative for companies to authenticate every user, every device and every session. Modern identity access management tools can be leveraged to do just that by assigning identities to all things, people and services including the known, unknown and trusted.”