The SonicWall Secure Remote Access server (version 8.1.0.2-14sv) is vulnerable to two Remote Command Injection vulnerabilities in its web administrati

APPLICATION

SONICWALL

19-04-2025 23:44

CVE-2016-9682 Vulnerabilidad documentada

Sin puntuación

Tags

#injection

#exploit

#web

#server

#machine

#form

#admin

#sonicwall

#application

#vulnerability

#vulnerable

#remote

#pass

#inject

#allow

#access

Descripción

The SonicWall Secure Remote Access server (version 8.1.0.2-14sv) is vulnerable to two Command Injection vulnerabilities in its web administrative interface. These occur the diagnostics CGI (/cgi-bin/diagnostics) component responsible for emailing out information about state of system. The application doesn't properly escape passed 'tsrDeleteRestartedFile' or 'currentTSREmailTo' variables before making a call system(), allowing remote command injection. Exploitation this vulnerability yields shell access machine under nobody user account.

http://documents.software.dell.com/sonicwall-sma-100-series/8.1.0.7/release-notes/resolved-issues?ParentProduct=868

http://www.securityfocus.com/bid/96375

https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2016-0003

https://www.exploit-db.com/exploits/42342/

http://documents.software.dell.com/sonicwall-sma-100-series/8.1.0.7/release-notes/resolved-issues?ParentProduct=868

http://www.securityfocus.com/bid/96375

https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2016-0003

https://www.exploit-db.com/exploits/42342/

Referencia

Link externo

Ver detalles

Fuente

https://nvd.nist.gov/vuln/detail/CVE-2016-9682

Resultados similares

Coincidentes en almenos en 50% de los tags

20-04-2025 CVE-2020-36844
The KnowBe4 Security Awareness Training application before 2020-01-10 allows reflected XSS. The...
Ver información

19-04-2025 CVE-2016-9684
The SonicWall Secure Remote Access server (version 8.1.0.2-14sv) is vulnerable to a Remote Comm...
Ver información