The SonicWall Secure Remote Access server (version 8.1.0.2-14sv) is vulnerable to a Remote Command Injection vulnerability in its web administrative i

APPLICATION

SONICWALL

19-04-2025 23:44

CVE-2016-9684 Vulnerabilidad documentada

9.8 CRITICAL

Tags

#injection

#exploit

#web

#ssl

#server

#machine

#form

#admin

#sonicwall

#application

#vulnerability

#vulnerable

#remote

#pass

#inject

#allow

#access

Descripción

The SonicWall Secure Remote Access server (version 8.1.0.2-14sv) is vulnerable to a Command Injection vulnerability in its web administrative interface. This occurs the 'viewcert' CGI (/cgi-bin/viewcert) component responsible for processing SSL certificate information. The application doesn't properly escape information it's passed 'CERT' variable before call system() performed - allowing remote command injection. Exploitation of this yields shell access machine under nobody user account.

http://documents.software.dell.com/sonicwall-sma-100-series/8.1.0.7/release-notes/resolved-issues?ParentProduct=868

http://pastebin.com/g1e2qU6N

http://www.securityfocus.com/bid/96375

https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2016-0005

http://documents.software.dell.com/sonicwall-sma-100-series/8.1.0.7/release-notes/resolved-issues?ParentProduct=868

http://pastebin.com/g1e2qU6N

http://www.securityfocus.com/bid/96375

https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2016-0005

Referencia

Link externo

Ver detalles

Fuente

https://nvd.nist.gov/vuln/detail/CVE-2016-9684

Resultados similares

Coincidentes en almenos en 50% de los tags

20-04-2025 CVE-2020-36844
The KnowBe4 Security Awareness Training application before 2020-01-10 allows reflected XSS. The...
Ver información

19-04-2025 CVE-2016-9683
The SonicWall Secure Remote Access server (version 8.1.0.2-14sv) is vulnerable to a Remote Comm...
Ver información