Descripción
The SonicWall Secure Remote Access server (version 8.1.0.2-14sv) is vulnerable to a Command Injection vulnerability in its web administrative interface. This occurs the 'extensionsettings' CGI (/cgi-bin/extensionsettings) component responsible for handling some of server's internal configurations. The application doesn't properly escape information it's passed when processing particular multi-part form request involving scripts. filename 'scriptname' variable read unsanitized before call system() performed - allowing remote command injection. Exploitation this yields shell access machine under nobody user account. Issue ID 181195.
http://documents.software.dell.com/sonicwall-sma-100-series/8.1.0.7/release-notes/resolved-issues?ParentProduct=868
http://pastebin.com/eJbeXgBr
http://www.securityfocus.com/bid/96375
https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2016-0004
http://documents.software.dell.com/sonicwall-sma-100-series/8.1.0.7/release-notes/resolved-issues?ParentProduct=868
http://pastebin.com/eJbeXgBr
http://www.securityfocus.com/bid/96375
https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2016-0004
