PT-2018-19085 · Sonicwall · Sonicwall Global Management System

Michael Flanders

Publicado

2018-08-03

Atualizado

2025-05-05

CVE-2018-9866

CVSS v3.1

9.8

Crítica

Vetor

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions SonicWall Global Management System (GMS) versions 8.1 and earlier

Description A vulnerability in the lack of validation of user-supplied parameters passed to XML-RPC calls allows remote users to execute arbitrary code.

Recommendations For versions 8.1 and earlier, update to a version later than 8.1 to resolve the issue. As a temporary workaround, consider restricting access to the XML-RPC calls to minimize the risk of exploitation.

Exploit

Correção

Command Injection

RCE

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-77CWE-20

Identificadores relacionados

CVE-2018-9866

Produtos afetados

Sonicwall Global Management System

PT-2018-19085 · Sonicwall · Sonicwall Global Management System

CVE-2018-9866

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 6