Remote Command Execution Vulnerability in Dell SonicWall GMS Web Application
CVE-2015-3990

Currently unrated

Key Information:

Vendor: Sonicwall
Status: Uma Em5000 Firmware
Vendor: CVE Published:; 20 May 2015

Summary

The GMS ViewPoint web application in Dell SonicWall's management software allows remote authenticated users to execute arbitrary commands due to improper configuration handling. This exposes sensitive components to command injection attacks, whereby malicious users can manipulate the application's functionality and gain unauthorized access to system resources. Users are encouraged to upgrade to the latest version, as Dell has issued patches to mitigate this risk.

References

http://www.securitytracker.com/id/1032373

vdb-entryx_refsource_SECTRACK

https://support.software.dell.com/product-notification/15...

x_refsource_CONFIRM

http://www.zerodayinitiative.com/advisories/ZDI-15-231/

x_refsource_MISC

Timeline

Vulnerability published
May 20, 2015
Vulnerability Reserved
May 15, 2015