← Back
2026-02-06 23:14CVE-2020-37095VulnCheck
PUBLISHED5.2CWE-121

Cyberoam Authentication Client 2.1.2.7 - Buffer Overflow (SEH)

Cyberoam Authentication Client 2.1.2.7 contains a buffer overflow vulnerability that allows remote attackers to execute arbitrary code by overwriting Structured Exception Handler (SEH) memory. Attackers can craft a malicious input in the 'Cyberoam Server Address' field to trigger a bind TCP shell on port 1337 with system-level access.

Problem type

Affected products

Cyberoam

Cyberoam Authentication Client

2.1.2.7 - AFFECTED

References

ExploitDB-48148

https://www.exploit-db.com/exploits/48148

exploit
Archived Cyberoam Authentication Client Software

https://cyberoam-general-authentication-client.software.informer.com/2.1/

product
VulnCheck Advisory: Cyberoam Authentication Client 2.1.2.7 - Buffer Overflow (SEH)

https://www.vulncheck.com/advisories/cyberoam-authentication-client-buffer-overflow-seh

third-party-advisory

GitHub Security Advisories

GHSA-3rq8-jjh5-j8v3

Cyberoam Authentication Client 2.1.2.7 contains a buffer overflow vulnerability that allows...

https://github.com/advisories/GHSA-3rq8-jjh5-j8v3

Cyberoam Authentication Client 2.1.2.7 contains a buffer overflow vulnerability that allows remote attackers to execute arbitrary code by overwriting Structured Exception Handler (SEH) memory. Attackers can craft a malicious input in the 'Cyberoam Server Address' field to trigger a bind TCP shell on port 1337 with system-level access.

nvd.nist.gov

https://nvd.nist.gov/vuln/detail/CVE-2020-37095

cyberoam-general-authentication-client.software.informer.com

https://cyberoam-general-authentication-client.software.informer.com/2.1

exploit-db.com

https://www.exploit-db.com/exploits/48148

vulncheck.com

https://www.vulncheck.com/advisories/cyberoam-authentication-client-buffer-overflow-seh

github.com

https://github.com/advisories/GHSA-3rq8-jjh5-j8v3

JSON source

https://cveawg.mitre.org/api/cve/CVE-2020-37095
Click to expand
{
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2",
  "cveMetadata": {
    "cveId": "CVE-2020-37095",
    "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
    "assignerShortName": "VulnCheck",
    "dateUpdated": "2026-02-06T23:14:04.889Z",
    "dateReserved": "2026-02-01T13:16:06.487Z",
    "datePublished": "2026-02-06T23:14:04.889Z",
    "state": "PUBLISHED"
  },
  "containers": {
    "cna": {
      "providerMetadata": {
        "orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
        "shortName": "VulnCheck",
        "dateUpdated": "2026-02-06T23:14:04.889Z"
      },
      "datePublic": "2020-02-28T00:00:00.000Z",
      "title": "Cyberoam Authentication Client 2.1.2.7 - Buffer Overflow (SEH)",
      "descriptions": [
        {
          "lang": "en",
          "value": "Cyberoam Authentication Client 2.1.2.7 contains a buffer overflow vulnerability that allows remote attackers to execute arbitrary code by overwriting Structured Exception Handler (SEH) memory. Attackers can craft a malicious input in the 'Cyberoam Server Address' field to trigger a bind TCP shell on port 1337 with system-level access."
        }
      ],
      "affected": [
        {
          "vendor": "Cyberoam",
          "product": "Cyberoam Authentication Client",
          "versions": [
            {
              "version": "2.1.2.7",
              "status": "affected"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "lang": "en",
              "description": "Stack-based Buffer Overflow",
              "cweId": "CWE-121",
              "type": "CWE"
            }
          ]
        }
      ],
      "references": [
        {
          "url": "https://www.exploit-db.com/exploits/48148",
          "name": "ExploitDB-48148",
          "tags": [
            "exploit"
          ]
        },
        {
          "url": "https://cyberoam-general-authentication-client.software.informer.com/2.1/",
          "name": "Archived Cyberoam Authentication Client Software",
          "tags": [
            "product"
          ]
        },
        {
          "url": "https://www.vulncheck.com/advisories/cyberoam-authentication-client-buffer-overflow-seh",
          "name": "VulnCheck Advisory: Cyberoam Authentication Client 2.1.2.7 - Buffer Overflow (SEH)",
          "tags": [
            "third-party-advisory"
          ]
        }
      ],
      "metrics": [
        {
          "format": "CVSS"
        },
        {
          "format": "CVSS",
          "cvssV3_1": {
            "version": "3.1",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "attackVector": "NETWORK",
            "attackComplexity": "LOW",
            "privilegesRequired": "NONE",
            "userInteraction": "NONE",
            "scope": "UNCHANGED",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL"
          }
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Andrey Stoykov",
          "type": "finder"
        }
      ]
    }
  }
}