Document Title:
===============
Elitsoft patched critical bug in Central Console Appliance

Release Date:
=============
2012-03-01

Laboratory Article:
===================
ElitSoft has patched the File Include Vulnerability discovered in Cyberoam's Central Console Appliances v2.00.2. The new hotfix was released on the morning of 2012-02-29 and is now available to all appliance customers of the Central Console.

The vulnerability allows an attacker to request local system or application files (example: telnet-service jsp). Successful exploitation of the file include vulnerability can result in DBMS or service/appliance compromise. The vulnerability was located in the ?file value of the vulnerable WWWHELP service.

UPGRADE CUSTOMERS: CCC Firmware v02.00.4 Build 007
UPGRADE TICKETS: Cyberoam.com #323301

ADVISORY: http://www.vulnerability-lab.com/get_content.php?id=405
VIDEO: http://www.vulnerability-lab.com/get_content.php?id=411