Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cve[email protected]CVE-2016-9682
HistoryFeb 22, 2017 - 5:59 a.m.

CVE-2016-9682

2017-02-2205:59:00
CWE-77
[email protected]
web.nvd.nist.gov
29
sonicwall
secure remote access
remote command injection
cgi vulnerability
shell access
cve-2016-9682
nvd
information security

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.9 High

AI Score

Confidence

High

0.059 Low

EPSS

Percentile

93.5%

JSON

The SonicWall Secure Remote Access server (version 8.1.0.2-14sv) is vulnerable to two Remote Command Injection vulnerabilities in its web administrative interface. These vulnerabilities occur in the diagnostics CGI (/cgi-bin/diagnostics) component responsible for emailing out information about the state of the system. The application doesn’t properly escape the information passed in the ‘tsrDeleteRestartedFile’ or ‘currentTSREmailTo’ variables before making a call to system(), allowing for remote command injection. Exploitation of this vulnerability yields shell access to the remote machine under the nobody user account.

Affected configurations

NVD
Node
dellsonicwall_secure_remote_access_serverMatch8.1.0.2-14sv

Related

dsquare 1
packetstorm 1
checkpoint_advisories 1
prion 1
zdt 1
nvd 1
exploitpack 1
cvelist 1
exploitdb 1
openvas 1
dsquare
dsquare
Dell SonicWALL Secure Remote Access diagnostics RCE
2017-05-22 00:00:00
packetstorm
packetstorm
Sonicwall Secure Remote Access (SRA) 8.1.0.2-14sv Command Injection
2017-07-19 00:00:00
checkpoint_advisories
checkpoint_advisories
SonicWall Secure Remote Access Server Command Injection (CVE-2016-9682)
2020-12-06 00:00:00
prion
prion
Command injection
2017-02-22 05:59:00
zdt
zdt
Sonicwall Secure Remote Access 8.1.0.2-14sv - Command Injection Vulnerability
2017-07-20 00:00:00
nvd
nvd
CVE-2016-9682
2017-02-22 05:59:00
exploitpack
exploitpack
Sonicwall Secure Remote Access 8.1.0.2-14sv - Command Injection
2017-07-19 00:00:00
cvelist
cvelist
CVE-2016-9682
2017-02-22 05:00:00
exploitdb
exploitdb
Sonicwall Secure Remote Access 8.1.0.2-14sv - Command Injection
2017-07-19 00:00:00
openvas
openvas
Dell SonicWALL Secure Remote Access (SRA) Multiple RCE Vulnerabilities
2017-07-24 00:00:00

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.9 High

AI Score

Confidence

High

0.059 Low

EPSS

Percentile

93.5%

JSON
Related for CVE-2016-9682
dsquare1packetstorm1checkpoint_advisories1prion1zdt1nvd1exploitpack1cvelist1exploitdb1openvas1