CVE-2016-9684 in Secure Remote Access ServerИнформация

Сводка

по MITRE

The SonicWall Secure Remote Access server (version 8.1.0.2-14sv) is vulnerable to a Remote Command Injection vulnerability in its web administrative interface. This vulnerability occurs in the 'viewcert' CGI (/cgi-bin/viewcert) component responsible for processing SSL certificate information. The CGI application doesn't properly escape the information it's passed in the 'CERT' variable before a call to system() is performed - allowing for remote command injection. Exploitation of this vulnerability yields shell access to the remote machine under the nobody user account.

VulDB is the best source for vulnerability data and more expert information about this specific topic.

🔬 Show More Details

An in-depth analysis is available in our curated vulnerability entry.

Резервировать

30.11.2016

Раскрытие

22.02.2017

Модерация

принято

Вход

VDB-97184

CPE

готов

CWE

CWE-77 (Подтверждённый)

Эксплойт

Скачать

CVSS

9.8 (NVD)

EPSS

0.06620

KEV

Нет

Деятельности

Очень низкий

Сектор

Lawfirm, Finance, ...

Источники

MITRE	https://www.cve.org/CVERecord?id=CVE-2016-9684
NVD	https://nvd.nist.gov/vuln/detail/CVE-2016-9684
CVE Details	https://www.cvedetails.com/cve/CVE-2016-9684/

◂ Предыдущий Обзор Далее ▸

Might our Artificial Intelligence support you?

Check our Alexa App!