Bypassing Access Restrictions in Sophos Cyberoam UTM CR25iNG 10.6.3 MR-5

Bypassing Access Restrictions in Sophos Cyberoam UTM CR25iNG 10.6.3 MR-5

CVE-2016-7786 · HIGH Severity

AV:N/AC:L/AU:S/C:C/I:C/A:C

Sophos Cyberoam UTM CR25iNG 10.6.3 MR-5 allows remote authenticated users to bypass intended access restrictions via direct object reference, as demonstrated by a request for Licenseinformation.jsp. This is fixed in 10.6.5.

Learn more about our User Device Pen Test.