CyberSec.Space Logo
Back to CVE Browser

CVE-2018-9866

CRITICAL
9.8
CVSS Severity Score
EPSS Score0.1460%
EPSS Percentile10.21th
PublishedAug 3, 2018
Last ModifiedMay 5, 2025

Vulnerability Description

A vulnerability in lack of validation of user-supplied parameters pass to XML-RPC calls on SonicWall Global Management System (GMS) virtual appliance's, allow remote user to execute arbitrary code. This vulnerability affected GMS version 8.1 and earlier.

Affected Platforms (CPE)

πŸ“¦
Sonicwall

Global Management System

<= 8.1

References & Advisories

πŸ”— https://github.com/rapid7/metasploit-framework/pull/10305
πŸ”— https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2018-0007
πŸ”— https://twitter.com/ddouhine/status/1019251292202586112
πŸ”— https://github.com/rapid7/metasploit-framework/pull/10305
πŸ”— https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2018-0007
πŸ”— https://twitter.com/ddouhine/status/1019251292202586112

Related Vulnerabilities

CVE-2018-02389.9

A vulnerability in the role-based resource checking functionality of the Cisco Unified Computing System (UCS) Director could allow...

CVE-2020-139959.8

U.S. Air Force Sensor Data Management System extract75 has a buffer overflow that leads to code execution. An overflow in a global...

CVE-2013-13599.8

An Authentication Bypass Vulnerability exists in DELL SonicWALL Analyzer 7.0, Global Management System (GMS) 4.1, 5.0, 5.1, 6.0, a...

CVE-2013-13609.8

An Authentication Bypass vulnerability exists in DELL SonicWALL Global Management System (GMS) 4.1, 5.0, 5.1, 6.0, and 7.0, Analyz...