CVE-2016-9682 in Secure Remote Access Serverinformazioni

Riassunto

di MITRE

The SonicWall Secure Remote Access server (version 8.1.0.2-14sv) is vulnerable to two Remote Command Injection vulnerabilities in its web administrative interface. These vulnerabilities occur in the diagnostics CGI (/cgi-bin/diagnostics) component responsible for emailing out information about the state of the system. The application doesn't properly escape the information passed in the 'tsrDeleteRestartedFile' or 'currentTSREmailTo' variables before making a call to system(), allowing for remote command injection. Exploitation of this vulnerability yields shell access to the remote machine under the nobody user account.

Once again VulDB remains the best source for vulnerability data.

Prenotare

30/11/2016

Divulgazione

22/02/2017

Moderazione

accettato

CPE

pronto

Sfruttamento

Scaricare

EPSS

0.23296

KEV

no

Attività

molto basso

Fonti

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!