CVE-2016-2397
Dell SonicWALL GMS Virtual Appliance Deserialization of Untrusted Data Remote Code Execution Vulnerability
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
The cliserver implementation in Dell SonicWALL GMS, Analyzer, and UMA EM5000 7.2, 8.0, and 8.1 before Hotfix 168056 allows remote attackers to deserialize and execute arbitrary Java code via crafted XML data.
La implementación de cliserver en Dell SonicWALL GMS, Analyzer y UMA EM5000 7.2, 8.0 y 8.1 en versiones anteriores a Hotfix 168056 permite a atacantes remotos deserializar y ejecutar código Java arbitrario a través de datos XML manipulados.
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Dell SonicWALL GMS Virtual Appliance. Authentication is not required to exploit this vulnerability.
The specific flaw exists within the cliserver implementation, which accepts, deserializes, and executes XML-encoded, serialized Java code. An attacker can leverage this vulnerability to execute arbitrary code under the context of root.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2016-02-10 CVE Published
- 2016-02-17 CVE Reserved
- 2024-05-19 EPSS Updated
- 2024-08-05 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection')
CAPEC
References (3)
| URL | Tag | Source |
|---|---|---|
| http://www.securitytracker.com/id/1035015 | Third Party Advisory | |
| http://www.zerodayinitiative.com/advisories/ZDI-16-163 | Third Party Advisory |
|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://support.software.dell.com/product-notification/185943 | 2018-03-12 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Sonicwall Search vendor "Sonicwall" | Uma Em5000 Firmware Search vendor "Sonicwall" for product "Uma Em5000 Firmware" | 7.2 Search vendor "Sonicwall" for product "Uma Em5000 Firmware" and version "7.2" | - |
Affected
| in | Sonicwall Search vendor "Sonicwall" | Uma Em5000 Search vendor "Sonicwall" for product "Uma Em5000" | - | - |
Safe
|
| Sonicwall Search vendor "Sonicwall" | Uma Em5000 Firmware Search vendor "Sonicwall" for product "Uma Em5000 Firmware" | 8.0 Search vendor "Sonicwall" for product "Uma Em5000 Firmware" and version "8.0" | - |
Affected
| in | Sonicwall Search vendor "Sonicwall" | Uma Em5000 Search vendor "Sonicwall" for product "Uma Em5000" | - | - |
Safe
|
| Sonicwall Search vendor "Sonicwall" | Uma Em5000 Firmware Search vendor "Sonicwall" for product "Uma Em5000 Firmware" | 8.1 Search vendor "Sonicwall" for product "Uma Em5000 Firmware" and version "8.1" | - |
Affected
| in | Sonicwall Search vendor "Sonicwall" | Uma Em5000 Search vendor "Sonicwall" for product "Uma Em5000" | - | - |
Safe
|
| Sonicwall Search vendor "Sonicwall" | Analyzer Search vendor "Sonicwall" for product "Analyzer" | 7.2 Search vendor "Sonicwall" for product "Analyzer" and version "7.2" | - |
Affected
| ||||||
| Sonicwall Search vendor "Sonicwall" | Analyzer Search vendor "Sonicwall" for product "Analyzer" | 8.0 Search vendor "Sonicwall" for product "Analyzer" and version "8.0" | - |
Affected
| ||||||
| Sonicwall Search vendor "Sonicwall" | Analyzer Search vendor "Sonicwall" for product "Analyzer" | 8.1 Search vendor "Sonicwall" for product "Analyzer" and version "8.1" | - |
Affected
| ||||||
| Sonicwall Search vendor "Sonicwall" | Global Management System Search vendor "Sonicwall" for product "Global Management System" | 7.2 Search vendor "Sonicwall" for product "Global Management System" and version "7.2" | - |
Affected
| ||||||
| Sonicwall Search vendor "Sonicwall" | Global Management System Search vendor "Sonicwall" for product "Global Management System" | 8.0 Search vendor "Sonicwall" for product "Global Management System" and version "8.0" | - |
Affected
| ||||||
| Sonicwall Search vendor "Sonicwall" | Global Management System Search vendor "Sonicwall" for product "Global Management System" | 8.1 Search vendor "Sonicwall" for product "Global Management System" and version "8.1" | - |
Affected
| ||||||