CVE-2007-6273

2007-12-0711:46:00

CWE-134

[email protected]

web.nvd.nist.gov

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

AI Score

7.7

Confidence

Low

EPSS

0.11

Percentile

95.2%

JSON

Multiple format string vulnerabilities in the configuration file in SonicWALL GLobal VPN Client 3.1.556 and 4.0.0.810 allow user-assisted remote attackers to execute arbitrary code via format string specifiers in the (1) Hostname tag or the (2) name attribute in the Connection tag. NOTE: there might not be any realistic circumstances in which this issue crosses privilege boundaries.

Affected configurations

Nvd

Node

sonicwallglobal_vpn_clientMatch3.1.556

sonicwallglobal_vpn_clientMatch4.0.0.810

VendorProductVersionCPE
sonicwallglobal_vpn_client3.1.556cpe:2.3:a:sonicwall:global_vpn_client:3.1.556:*:*:*:*:*:*:*
sonicwallglobal_vpn_client4.0.0.810cpe:2.3:a:sonicwall:global_vpn_client:4.0.0.810:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
sonicwall	global_vpn_client	3.1.556	cpe:2.3:a:sonicwall:global_vpn_client:3.1.556:::::::*
sonicwall	global_vpn_client	4.0.0.810	cpe:2.3:a:sonicwall:global_vpn_client:4.0.0.810:::::::*