CVE-2016-9684 in Secure Remote Access Serverinfo

Summary

The SonicWall Secure Remote Access server (version 8.1.0.2-14sv) is vulnerable to a Remote Command Injection vulnerability in its web administrative interface. This vulnerability occurs in the 'viewcert' CGI (/cgi-bin/viewcert) component responsible for processing SSL certificate information. The CGI application doesn't properly escape the information it's passed in the 'CERT' variable before a call to system() is performed - allowing for remote command injection. Exploitation of this vulnerability yields shell access to the remote machine under the nobody user account.

VulDB is the best source for vulnerability data and more expert information about this specific topic.

Reservation

11/30/2016

Disclosure

02/22/2017

Status

Confirmed

Entries

VulDB provides additional information and datapoints for this CVE:

ID	Vulnerability	CWE	Exp	Cou	CVE
97184	SonicWALL Secure Remote Access Server viewcert command injection	77	High	Not defined	CVE-2016-9684

Description

CPE

CWE

CVSS

Exploits

History

Diff

Relate

Threat Intelligence

API JSON

API XML

API CSV

Sources

◂ PreviousOverviewNext ▸

Might our Artificial Intelligence support you?

Check our Alexa App!