PT-2007-7148 · Sonicwall · Sonicwall Global Vpn Client

Published

2007-12-07

Updated

2011-03-08

CVE-2007-6273

CVSS v2.0

9.3

High

Vector

AV:N/AC:M/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions SonicWALL Global VPN Client versions 3.1.556 through 4.0.0.810

Description The issue concerns format string vulnerabilities in the configuration file, potentially allowing user-assisted remote attackers to execute arbitrary code. This can be achieved through format string specifiers in the Hostname tag or the name attribute in the Connection tag.

Recommendations For SonicWALL Global VPN Client versions 3.1.556 through 4.0.0.810, consider updating to a version that addresses these format string vulnerabilities to prevent potential code execution. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Use of Externally-Controlled Format String

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-134

Related Identifiers

CVE-2007-6273

Affected Products

Sonicwall Global Vpn Client

PT-2007-7148 · Sonicwall · Sonicwall Global Vpn Client

CVE-2007-6273

Weakness Enumeration

Related Identifiers

Affected Products

References · 8