Lucene search

CertccCVE-2007-5603

HistoryNov 05, 2007 - 6:46 p.m.

CVE-2007-5603

2007-11-0518:46:00

CWE-119

certcc

web.nvd.nist.gov

cve-2007-5603

sonicwall

ssl-vpn

netextender

nelaunchctrl

activex

buffer overflow

security vulnerability

remote code execution

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

AI Score

7.8

Confidence

Low

EPSS

0.864

Percentile

98.7%

JSON

Stack-based buffer overflow in the SonicWall SSL-VPN NetExtender NELaunchCtrl ActiveX control before 2.1.0.51, and 2.5.x before 2.5.0.56, allows remote attackers to execute arbitrary code via a long string in the second argument to the AddRouteEntry method.

Affected configurations

Nvd

Node

sonicwallssl_vpnRange≤2.1

sonicwallssl_vpnRange≤2.5

VendorProductVersionCPE
sonicwallssl_vpn*cpe:2.3:a:sonicwall:ssl_vpn:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
sonicwall	ssl_vpn	*	cpe:2.3:a:sonicwall:ssl_vpn::::::::

References

secunia.com/advisories/27469

securityreason.com/securityalert/3342

www.kb.cert.org/vuls/id/298521

www.kb.cert.org/vuls/id/WDON-78K56M

www.sec-consult.com/303.html

www.sec-consult.com/fileadmin/Advisories/20071101-0_sonicwall_multiple.txt

www.securityfocus.com/archive/1/483097/100/0/threaded

www.securityfocus.com/bid/26288

www.securitytracker.com/id?1018891

www.vupen.com/english/advisories/2007/3696

exchange.xforce.ibmcloud.com/vulnerabilities/38220

www.exploit-db.com/exploits/4594

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

AI Score

7.8

Confidence

Low

EPSS

0.864

Percentile

98.7%

JSON

Related for CVE-2007-5603