Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cveZdiCVE-2016-2396
HistoryFeb 17, 2016 - 3:59 p.m.

CVE-2016-2396

2016-02-1715:59:06
CWE-77
zdi
web.nvd.nist.gov
22
cve-2016-2396
gms viewpoint
dell sonicwall
gms
analyzer
uma em5000
remote execution
command execution
security vulnerability
configuration input
nvd

CVSS2

9

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:S/C:C/I:C/A:C

CVSS3

9.9

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

AI Score

9.2

Confidence

High

EPSS

0.031

Percentile

91.3%

JSON

The GMS ViewPoint (GMSVP) web application in Dell SonicWALL GMS, Analyzer, and UMA EM5000 7.2, 8.0, and 8.1 before Hotfix 168056 allows remote authenticated users to execute arbitrary commands via vectors related to configuration input.

Affected configurations

Nvd
Node
sonicwallanalyzerMatch7.2
OR
sonicwallanalyzerMatch8.0
OR
sonicwallanalyzerMatch8.1
OR
sonicwallglobal_management_systemMatch7.2
OR
sonicwallglobal_management_systemMatch8.0
OR
sonicwallglobal_management_systemMatch8.1
Node
sonicwalluma_em5000_firmwareMatch7.2
OR
sonicwalluma_em5000_firmwareMatch8.0
OR
sonicwalluma_em5000_firmwareMatch8.1
AND
sonicwalluma_em5000Match-
VendorProductVersionCPE
sonicwallanalyzer7.2cpe:2.3:a:sonicwall:analyzer:7.2:*:*:*:*:*:*:*
sonicwallanalyzer8.0cpe:2.3:a:sonicwall:analyzer:8.0:*:*:*:*:*:*:*
sonicwallanalyzer8.1cpe:2.3:a:sonicwall:analyzer:8.1:*:*:*:*:*:*:*
sonicwallglobal_management_system7.2cpe:2.3:a:sonicwall:global_management_system:7.2:*:*:*:*:*:*:*
sonicwallglobal_management_system8.0cpe:2.3:a:sonicwall:global_management_system:8.0:*:*:*:*:*:*:*
sonicwallglobal_management_system8.1cpe:2.3:a:sonicwall:global_management_system:8.1:*:*:*:*:*:*:*
sonicwalluma_em5000_firmware7.2cpe:2.3:o:sonicwall:uma_em5000_firmware:7.2:*:*:*:*:*:*:*
sonicwalluma_em5000_firmware8.0cpe:2.3:o:sonicwall:uma_em5000_firmware:8.0:*:*:*:*:*:*:*
sonicwalluma_em5000_firmware8.1cpe:2.3:o:sonicwall:uma_em5000_firmware:8.1:*:*:*:*:*:*:*
sonicwalluma_em5000-cpe:2.3:h:sonicwall:uma_em5000:-:*:*:*:*:*:*:*

Related

prion 1
nvd 1
zdi 1
cvelist 1
prion
prion
Design/Logic Flaw
2016-02-17 15:59:00
nvd
nvd
CVE-2016-2396
2016-02-17 15:59:06
zdi
zdi
Dell SonicWALL GMS Virtual Appliance Multiple Remote Code Execution Vulnerabilities
2016-02-10 00:00:00
cvelist
cvelist
CVE-2016-2396
2016-02-17 15:00:00

CVSS2

9

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:S/C:C/I:C/A:C

CVSS3

9.9

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

AI Score

9.2

Confidence

High

EPSS

0.031

Percentile

91.3%

JSON
Related for CVE-2016-2396
prion1nvd1zdi1cvelist1