| ID |
CVE-2016-9683
|
| Sažetak |
The SonicWall Secure Remote Access server (version 8.1.0.2-14sv) is vulnerable to a Remote Command Injection vulnerability in its web administrative interface. This vulnerability occurs in the 'extensionsettings' CGI (/cgi-bin/extensionsettings) component responsible for handling some of the server's internal configurations. The CGI application doesn't properly escape the information it's passed when processing a particular multi-part form request involving scripts. The filename of the 'scriptname' variable is read in unsanitized before a call to system() is performed - allowing for remote command injection. Exploitation of this vulnerability yields shell access to the remote machine under the nobody user account. This is SonicWall Issue ID 181195. |
| Reference |
|
| CVSS |
| Base: | 10.0 |
| Impact: | 10.0 |
| Exploitability: | 10.0 |
|
| Pristup |
| Vektor | Složenost | Autentikacija |
| NETWORK |
LOW |
NONE |
|
| Impact |
| Povjerljivost | Cjelovitost | Dostupnost |
| COMPLETE |
COMPLETE |
COMPLETE |
|
| CVSS vektor |
AV:N/AC:L/Au:N/C:C/I:C/A:C |
| Zadnje važnije ažuriranje |
17-10-2018 - 10:29 |
| Objavljeno |
22-02-2017 - 05:59 |
