Lucene search

[email protected]CVE-2016-2397

HistoryFeb 17, 2016 - 3:59 p.m.

CVE-2016-2397

2016-02-1715:59:07

CWE-77

[email protected]

web.nvd.nist.gov

cve-2016-2397

dell sonicwall

gms

analyzer

uma em5000

remote code execution

xml

security vulnerability

nvd

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.6 High

AI Score

Confidence

High

0.097 Low

EPSS

Percentile

94.8%

JSON

The cliserver implementation in Dell SonicWALL GMS, Analyzer, and UMA EM5000 7.2, 8.0, and 8.1 before Hotfix 168056 allows remote attackers to deserialize and execute arbitrary Java code via crafted XML data.

Affected configurations

NVD

Node

sonicwalluma_em5000_firmwareMatch7.2

sonicwalluma_em5000_firmwareMatch8.0

sonicwalluma_em5000_firmwareMatch8.1

AND

sonicwalluma_em5000Match-

Node

sonicwallanalyzerMatch7.2

sonicwallanalyzerMatch8.0

sonicwallanalyzerMatch8.1

sonicwallglobal_management_systemMatch7.2

sonicwallglobal_management_systemMatch8.0

sonicwallglobal_management_systemMatch8.1

CPENameOperatorVersion
sonicwall:uma_em5000_firmwaresonicwall uma em5000 firmwareeq7.2
sonicwall:uma_em5000_firmwaresonicwall uma em5000 firmwareeq8.0
sonicwall:uma_em5000_firmwaresonicwall uma em5000 firmwareeq8.1

CPE	Name	Operator	Version
sonicwall:uma_em5000_firmware	sonicwall uma em5000 firmware	eq	7.2
sonicwall:uma_em5000_firmware	sonicwall uma em5000 firmware	eq	8.0
sonicwall:uma_em5000_firmware	sonicwall uma em5000 firmware	eq	8.1

References

www.securitytracker.com/id/1035015

www.zerodayinitiative.com/advisories/ZDI-16-163

support.software.dell.com/product-notification/185943

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.6 High

AI Score

Confidence

High

0.097 Low

EPSS

Percentile

94.8%

JSON

Related for CVE-2016-2397

prion1 zdi1 nvd1 cvelist1