Buffer Overflow Vulnerability in SonicWall SSL-VPN NetExtender
CVE-2007-5814

Currently unrated

Key Information:

Vendor: Sonicwall
Status: Ssl Vpn
Vendor: CVE Published:; 5 November 2007

Summary

The SonicWall SSL-VPN NetExtender contains multiple buffer overflow vulnerabilities in the NELaunchCtrl ActiveX control, allowing potential remote code execution. Attackers can exploit this vulnerability by manipulating lengthy user input across several parameters, including serverAddress and sessionId, resulting in unauthorized operations on affected machines. Upgrading to the latest versions of the software mitigates these risks and protects against potential exploitation.

References

http://www.vupen.com/english/advisories/2007/3696

vdb-entryx_refsource_VUPEN

http://www.sec-consult.com/fileadmin/Advisories/20071101-...

x_refsource_MISC

http://securityreason.com/securityalert/3342

third-party-advisoryx_refsource_SREASON

EPSS Score

7% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Nov 5, 2007
Vulnerability Reserved
Nov 5, 2007