Lucene search

[email protected]CVE-2015-3990

HistoryMay 20, 2015 - 6:59 p.m.

CVE-2015-3990

2015-05-2018:59:05

CWE-19

[email protected]

web.nvd.nist.gov

cve-2015-3990

gms viewpoint

dell sonicwall

gms

analyzer

uma em5000

remote command execution

security vulnerability

9 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:S/C:C/I:C/A:C

7.4 High

AI Score

Confidence

Low

0.112 Low

EPSS

Percentile

95.2%

JSON

The GMS ViewPoint (GMSVP) web application in Dell Sonicwall GMS, Analyzer, and UMA EM5000 before 7.2 SP4 allows remote authenticated users to execute arbitrary commands via vectors related to configuration.

Affected configurations

NVD

Node

sonicwalluma_em5000_firmwareRange≤7.2

AND

sonicwalluma_em5000Match-

Node

sonicwallanalyzerRange≤7.2

sonicwallglobal_management_systemRange≤7.2

CPENameOperatorVersion
sonicwall:uma_em5000_firmwaresonicwall uma em5000 firmwarele7.2

CPE	Name	Operator	Version
sonicwall:uma_em5000_firmware	sonicwall uma em5000 firmware	le	7.2

References

www.securityfocus.com/bid/74756

www.securitytracker.com/id/1032373

www.zerodayinitiative.com/advisories/ZDI-15-231/

support.software.dell.com/product-notification/152178

9 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:S/C:C/I:C/A:C

7.4 High

AI Score

Confidence

Low

0.112 Low

EPSS

Percentile

95.2%

JSON

Related for CVE-2015-3990

nvd1 cvelist1 zdi1 prion1