Absolute Path Traversal Vulnerability in SonicWall SSL-VPN Products
CVE-2007-5815

Currently unrated

Key Information:

Vendor: Sonicwall
Status: Ssl Vpn2000\/4000; Ssl Vpn 200
Vendor: CVE Published:; 5 November 2007

Summary

An absolute path traversal vulnerability exists in the WebCacheCleaner ActiveX control version 1.3.0.3 of SonicWall SSL-VPN products. This issue allows remote attackers to exploit the FileDelete method by providing a full pathname as an argument, potentially enabling them to delete arbitrary files on the system. Such vulnerabilities can lead to significant data loss and compromise security efforts, making it crucial for affected users to address this issue promptly.

References

http://www.vupen.com/english/advisories/2007/3696

vdb-entryx_refsource_VUPEN

http://www.sec-consult.com/fileadmin/Advisories/20071101-...

x_refsource_MISC

http://securityreason.com/securityalert/3342

third-party-advisoryx_refsource_SREASON

EPSS Score

5% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Nov 5, 2007
Vulnerability Reserved
Nov 5, 2007