CVE-2018-9866

9.8CRITICAL

Key Information:

Vendor: Sonicwall
Status: Global Management System (gms)
Vendor: CVE Published:; 3 August 2018

Summary

A vulnerability in lack of validation of user-supplied parameters pass to XML-RPC calls on SonicWall Global Management System (GMS) virtual appliance's, allow remote user to execute arbitrary code. This vulnerability affected GMS version 8.1 and earlier.

Affected Version(s)

Global Management System (GMS) 8.1 and earlier

References

https://twitter.com/ddouhine/status/1019251292202586112

x_refsource_MISC

https://github.com/rapid7/metasploit-framework/pull/10305

x_refsource_MISC

https://psirt.global.sonicwall.com/vuln-detail/SNWLID-201...

x_refsource_CONFIRM

EPSS Score

12% chance of being exploited in the next 30 days.

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Aug 3, 2018
Vulnerability Reserved
Apr 9, 2018

Collectors

NVD DatabaseMitre Database

.