Command Injection Vulnerability in Dell SonicWALL GMS ViewPoint
CVE-2016-2396

9.9CRITICAL

Key Information:

Vendor

Sonicwall
Status
Analyzer
Global Management System
Vendor
CVE Published:
17 February 2016

What is CVE-2016-2396?

The GMS ViewPoint web application found in Dell SonicWALL's GMS, Analyzer, and UMA EM5000 versions 7.2, 8.0, and 8.1, prior to Hotfix 168056, is susceptible to command injection. This vulnerability allows remote authenticated users to execute arbitrary commands through manipulation of configuration input. Exploitation could lead to unauthorized access and potentially compromise system integrity, posing serious risks to the environment.

References

http://www.securitytracker.com/id/1035015
vdb-entryx_refsource_SECTRACK
http://www.zerodayinitiative.com/advisories/ZDI-16-164
x_refsource_MISC
https://support.software.dell.com/product-notification/18...
x_refsource_CONFIRM

CVSS V3.1

Score:
9.9
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.
CVE-2016-2396 : Command Injection Vulnerability in Dell SonicWALL GMS ViewPoint