CVE-2021-20030
https://notcve.org/view.php?id=CVE-2021-20030
SonicWall GMS is vulnerable to file path manipulation resulting that an unauthenticated attacker can gain access to web directory containing application's binaries and configuration files. SonicWall GMS es vulnerable a la manipulación de rutas de archivos, lo que hace que un atacante no autenticado pueda acceder al directorio web que contiene los archivos binarios y de configuración de la aplicación • https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2022-0021 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVE-2022-22280
https://notcve.org/view.php?id=CVE-2022-22280
Improper Neutralization of Special Elements used in an SQL Command leading to Unauthenticated SQL Injection vulnerability, impacting SonicWall GMS 9.3.1-SP2-Hotfix1, Analytics On-Prem 2.5.0.3-2520 and earlier versions. Una Neutralización Inadecuada de Elementos Especiales usados en un Comando SQL conllevando a una vulnerabilidad de inyección SQL no autenticada, que afecta a SonicWall GMS versión 9.3.1-SP2-Hotfix1, Analytics On-Prem versiones 2.5.0.3-2520 y anteriores • https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2022-0007 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVE-2019-7476
https://notcve.org/view.php?id=CVE-2019-7476
A vulnerability in SonicWall Global Management System (GMS), allow a remote user to gain access to the appliance using existing SSH key. This vulnerability affects GMS versions 9.1, 9.0, 8.7, 8.6, 8.4, 8.3 and earlier. Una vulnerabilidad en SonicWall Global Management System (GMS) permite a un atacante remoto obtener acceso empleando una clave SSH existente. Esta vulnerabilidad afecta las versiones de GMS 9.1, 9.0, 8.7, 8.6, 8.4, 8.3 y anteriores. • https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0004 • CWE-284: Improper Access Control CWE-1188: Initialization of a Resource with an Insecure Default •
CVE-2018-9866
https://notcve.org/view.php?id=CVE-2018-9866
A vulnerability in lack of validation of user-supplied parameters pass to XML-RPC calls on SonicWall Global Management System (GMS) virtual appliance's, allow remote user to execute arbitrary code. This vulnerability affected GMS version 8.1 and earlier. Una vulnerabilidad en la falta de validación de parámetros proporcionados por el usuario pasados a llamadas XML-RPC en los dispositivos virtuales SonicWall Global Management System (GMS) permite que usuarios remotos ejecuten código arbitrario. Esta vulnerabilidad afecta a GMS en versiones 8.1 y anteriores. • https://github.com/rapid7/metasploit-framework/pull/10305 https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2018-0007 https://twitter.com/ddouhine/status/1019251292202586112 • CWE-20: Improper Input Validation CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVE-2015-3990 – Dell Sonicwall GMS Virtual Appliance Multiple Remote Code Execution Vulnerabilities
https://notcve.org/view.php?id=CVE-2015-3990
The GMS ViewPoint (GMSVP) web application in Dell Sonicwall GMS, Analyzer, and UMA EM5000 before 7.2 SP4 allows remote authenticated users to execute arbitrary commands via vectors related to configuration. La aplicación web GMS ViewPoint (GMSVP) en Dell Sonicwall GMS, Analyzer, y UMA EM5000 anterior a 7.2 SP4 permite a usuarios remotos autenticados ejecutar comandos arbitrarios a través de vectores relacionados con la configuración. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of the Dell SonicWALL Global Management System (GMS) virtual appliance. Authentication is required to exploit this vulnerability. The specific flaw exists within the GMS ViewPoint (GMSVP) web application. The issue lies in the handling of configuration input due to a failure to safely sanitize user data before executing a command. • http://www.securityfocus.com/bid/74756 http://www.securitytracker.com/id/1032373 http://www.zerodayinitiative.com/advisories/ZDI-15-231 https://support.software.dell.com/product-notification/152178 • CWE-19: Data Processing Errors •