CVE-2016-9684

EPSS 7.1%

The SonicWall Secure Remote Access server (version 8.1.0.2-14sv) is vulnerable to a Remote Command Injection vulnerability in its web administrative interface. This vulnerability occurs in the 'viewcert' CGI (/cgi-bin/viewcert) component responsible for processing SSL certificate information. The CGI application doesn't properly escape the information it's passed in the 'CERT' variable before a call to system() is performed - allowing for remote command injection. Exploitation of this vulnerability yields shell access to the remote machine under the nobody user account.

Affected products

n/a · n/a

public PoCs found — 1

exploitdbwww.exploit-db.com/exploits/41416unverified

⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

http://documents.software.dell.com/sonicwall-sma-100-series/8.1.0.7/release-notes/resolved-issues?ParentProduct=868 http://pastebin.com/g1e2qU6N https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2016-0005 http://www.securityfocus.com/bid/96375