PT-2016-2697 · Dell · Dell SonicWALL UMA EM5000, GMS and Analyzer

Cpnrodzc7 · Published 2016-02-10 · Updated 2018-03-12 · CVE-2016-2397

CVSS v3.1: 10.0 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions

Dell SonicWALL GMS 7.2 through 8.1 before Hotfix 168056
Dell SonicWALL Analyzer 7.2 through 8.1 before Hotfix 168056
Dell SonicWALL UMA EM5000 7.2 through 8.1 before Hotfix 168056
Description

The cliserver component of the affected products does not sanitize the XML it receives before deserializing it into Java objects. Because the attacker controls which classes are instantiated and which methods are invoked during deserialization, a remote, unauthenticated attacker (the vector carries PR:N and UI:N) can send crafted XML to cliserver and execute arbitrary Java code in the context of the management server process.
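The advisory does not name the XML-to-object deserializer that cliserver used, so the following added example (not code from the advisory, from Dell or from the cliserver source) uses the JDK's own java.beans.XMLDecoder to show the bug class: a document fed to XMLDecoder is a small program, and method calls in it run while the parser is still reading, before the caller sees any result. The crafted document, the demo.marker property, the command element and the allow-listed command names are all constructed for illustration.

```java
import java.beans.XMLDecoder;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.util.Set;
import javax.xml.XMLConstants;
import javax.xml.parsers.DocumentBuilder;
import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.parsers.ParserConfigurationException;
import org.w3c.dom.Document;
import org.xml.sax.SAXException;

public class CliXmlDemo {

    // Constructed payload (not from the advisory). The <void class=... method=...>
    // element makes XMLDecoder call the static method System.setProperty(...) while
    // parsing; any other public class and method on the classpath could be named
    // here instead. The trailing <string> is the "object" the caller gets back, so
    // the document looks like an ordinary command from the caller's point of view.
    static final String CRAFTED_XML =
        "<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n"
      + "<java version=\"1.8.0\" class=\"java.beans.XMLDecoder\">\n"
      + "  <void class=\"java.lang.System\" method=\"setProperty\">\n"
      + "    <string>demo.marker</string>\n"
      + "    <string>code ran during deserialization</string>\n"
      + "  </void>\n"
      + "  <string>status</string>\n"
      + "</java>\n";

    // Vulnerable pattern: network bytes go straight into an object deserializer.
    // Nothing in this method limits which classes or methods the document may use.
    static Object decodeUntrusted(byte[] payload) {
        try (XMLDecoder decoder = new XMLDecoder(new ByteArrayInputStream(payload))) {
            return decoder.readObject(); // side effects already happened by the time this returns
        }
    }

    // Hardened pattern: treat the bytes as data, not as a program. Parse with a
    // locked-down DOM parser and accept only a fixed vocabulary (assumed here).
    static final Set<String> ALLOWED_COMMANDS = Set.of("status", "version", "reload");

    static String parseCommand(byte[] payload)
            throws ParserConfigurationException, SAXException, IOException {
        DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
        factory.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
        // No DTD at all, which also closes the door on external entities (XXE).
        factory.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        factory.setXIncludeAware(false);
        factory.setExpandEntityReferences(false);
        DocumentBuilder builder = factory.newDocumentBuilder();
        Document doc = builder.parse(new ByteArrayInputStream(payload));

        if (!"command".equals(doc.getDocumentElement().getTagName())) {
            throw new IllegalArgumentException("unexpected root element");
        }
        String name = doc.getDocumentElement().getAttribute("name");
        if (!ALLOWED_COMMANDS.contains(name)) {
            throw new IllegalArgumentException("unknown command: " + name);
        }
        return name; // dispatch on this value with a switch, never via reflection
    }

    public static void main(String[] args) throws Exception {
        byte[] payload = CRAFTED_XML.getBytes(StandardCharsets.UTF_8);

        Object result = decodeUntrusted(payload);
        System.out.println("XMLDecoder returned: " + result);
        System.out.println("side effect: demo.marker=" + System.getProperty("demo.marker"));

        System.out.println("hardened parser accepted: " + parseCommand(
            "<command name=\"status\"/>".getBytes(StandardCharsets.UTF_8)));
        try {
            parseCommand(payload); // the crafted document is plain data here; nothing runs
        } catch (IllegalArgumentException e) {
            System.out.println("hardened parser rejected crafted XML: " + e.getMessage());
        }
    }
}
```

Compile and run with a JDK 9 or later (Set.of). The first two output lines show that the deserializer returned the innocuous string "status" but had already executed the attacker's method call; the hardened parser returns the same command name for a well-formed request and refuses the crafted document without evaluating anything in it. The remediation principle is the one the hotfix has to implement: a management interface must never let the wire format choose classes or methods.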
Recommendations

Apply Hotfix 168056 to every installation of Dell SonicWALL GMS, Analyzer and UMA EM5000 running versions 7.2 through 8.1. Until the hotfix is installed, restrict network access to the cliserver service so that only trusted management hosts can reach it; this limits exposure but does not remove the flaw.

Fix

Hotfix 168056

Weakness Enumeration

Deserialization of Untrusted Data

Related Identifiers

BDU:2016-02089
CVE-2016-2397
ZDI-16-163

Affected Products

Dell SonicWALL Analyzer
Dell SonicWALL GMS
Dell SonicWALL UMA EM5000