CVE-2007-6273
SonicWALL Global VPN Client 4.0.782 - Remote Format String
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
4Exploited in Wild
-Decision
Descriptions
Multiple format string vulnerabilities in the configuration file in SonicWALL GLobal VPN Client 3.1.556 and 4.0.0.810 allow user-assisted remote attackers to execute arbitrary code via format string specifiers in the (1) Hostname tag or the (2) name attribute in the Connection tag. NOTE: there might not be any realistic circumstances in which this issue crosses privilege boundaries.
Múltiples vulnerabilidades de cadena de formato en el fichero de configuracion SonicWALL GLobal VPN Client 3.1.556 y 4.0.0.810. Permite que atacantes remotos ejecuten código a su elección, usando especificadores de cadena de formato en : (1) la etiqueta Hostname o el (2) atributo name en la etiqueta Connection.
NOTA: puede que no existan circunstancias reales en las cuales este problema permita cruzar los límites establecidos por los privilegios.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2007-12-04 First Exploit
- 2007-12-07 CVE Reserved
- 2007-12-07 CVE Published
- 2024-08-07 CVE Updated
- 2024-09-02 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-134: Use of Externally-Controlled Format String
CAPEC
References (7)
| URL | Tag | Source |
|---|---|---|
| http://www.securitytracker.com/id?1019038 | Vdb Entry | |
| http://www.vupen.com/english/advisories/2007/4094 | Vdb Entry |
| URL | Date | SRC |
|---|---|---|
| https://www.exploit-db.com/exploits/30840 | 2007-12-04 | |
| http://marc.info/?l=bugtraq&m=119678272603064&w=2 | 2024-08-07 | |
| http://www.sec-consult.com/305.html | 2024-08-07 | |
| http://www.securityfocus.com/bid/26689 | 2024-08-07 |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| http://secunia.com/advisories/27917 | 2011-03-08 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Sonicwall Search vendor "Sonicwall" | Global Vpn Client Search vendor "Sonicwall" for product "Global Vpn Client" | 3.1.556 Search vendor "Sonicwall" for product "Global Vpn Client" and version "3.1.556" | - |
Affected
| ||||||
| Sonicwall Search vendor "Sonicwall" | Global Vpn Client Search vendor "Sonicwall" for product "Global Vpn Client" | 4.0.0.810 Search vendor "Sonicwall" for product "Global Vpn Client" and version "4.0.0.810" | - |
Affected
| ||||||