Remote Code Execution Vulnerability in Dell SonicWALL Products
CVE-2016-2397

9.8CRITICAL

Key Information:

Vendor: Sonicwall
Status: Uma Em5000 Firmware
Vendor: CVE Published:; 17 February 2016

🔔 Create Sonicwall Vulnerability Alert

What is CVE-2016-2397?

A vulnerability exists in the cliserver implementation of Dell SonicWALL GMS, Analyzer, and UMA EM5000 that allows remote attackers to exploit crafted XML data to deserialize and execute arbitrary Java code. This may grant attackers significant control over affected systems, leading to extensive damage and unauthorized access.

References

http://www.zerodayinitiative.com/advisories/ZDI-16-163

x_refsource_MISC

http://www.securitytracker.com/id/1035015

vdb-entryx_refsource_SECTRACK

https://support.software.dell.com/product-notification/18...

x_refsource_CONFIRM

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Feb 17, 2016
Vulnerability Reserved
Feb 17, 2016

.

CVE-2016-2397 : Remote Code Execution Vulnerability in Dell SonicWALL Products