← Volver a CVEs
CVE-2018-9866
CRITICAL9.8
Descripcion
A vulnerability in lack of validation of user-supplied parameters pass to XML-RPC calls on SonicWall Global Management System (GMS) virtual appliance's, allow remote user to execute arbitrary code. This vulnerability affected GMS version 8.1 and earlier.
Detalles CVE
Puntuacion CVSS v3.19.8
SeveridadCRITICAL
Vector CVSSCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Vector de ataqueNETWORK
ComplejidadLOW
Privilegios requeridosNONE
Interaccion usuarioNONE
Publicado8/3/2018
Ultima modificacion5/5/2025
Fuentenvd
Avistamientos honeypot0
Productos afectados
sonicwall:global_management_system
Debilidades (CWE)
CWE-77CWE-20
Referencias
https://github.com/rapid7/metasploit-framework/pull/10305(PSIRT@sonicwall.com)
https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2018-0007(PSIRT@sonicwall.com)
https://twitter.com/ddouhine/status/1019251292202586112(PSIRT@sonicwall.com)
https://github.com/rapid7/metasploit-framework/pull/10305(af854a3a-2127-422b-91ae-364da2661108)
https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2018-0007(af854a3a-2127-422b-91ae-364da2661108)
https://twitter.com/ddouhine/status/1019251292202586112(af854a3a-2127-422b-91ae-364da2661108)
Correlaciones IOC
Sin correlaciones registradas
This product uses data from the NVD API but is not endorsed or certified by the NVD.