CyberSec.Space Logo
返回 CVE 浏览器

CVE-2018-9866

CRITICAL
9.8
CVSS Severity Score
EPSS Score0.1460%
EPSS Percentile10.21th
Published2018年8月3日
Last Modified2025年5月5日

Vulnerability Description

A vulnerability in lack of validation of user-supplied parameters pass to XML-RPC calls on SonicWall Global Management System (GMS) virtual appliance's, allow remote user to execute arbitrary code. This vulnerability affected GMS version 8.1 and earlier.

Affected Platforms (CPE)

📦
Sonicwall

Global Management System

<= 8.1

References & Advisories

🔗 https://github.com/rapid7/metasploit-framework/pull/10305
🔗 https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2018-0007
🔗 https://twitter.com/ddouhine/status/1019251292202586112
🔗 https://github.com/rapid7/metasploit-framework/pull/10305
🔗 https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2018-0007
🔗 https://twitter.com/ddouhine/status/1019251292202586112

相关漏洞威胁

CVE-2018-02389.9

A vulnerability in the role-based resource checking functionality of the Cisco Unified Computing System (UCS) Director could allow...

CVE-2020-139959.8

U.S. Air Force Sensor Data Management System extract75 has a buffer overflow that leads to code execution. An overflow in a global...

CVE-2013-13599.8

An Authentication Bypass Vulnerability exists in DELL SonicWALL Analyzer 7.0, Global Management System (GMS) 4.1, 5.0, 5.1, 6.0, a...

CVE-2013-13609.8

An Authentication Bypass vulnerability exists in DELL SonicWALL Global Management System (GMS) 4.1, 5.0, 5.1, 6.0, and 7.0, Analyz...