ID

VAR-201801-1670


CVE

CVE-2018-5691


TITLE

SonicWall Global Management System vulnerable to cross-site scripting

Trust: 0.8

sources: JVNDB: JVNDB-2018-001458

DESCRIPTION

SonicWall Global Management System (GMS) 8.1 has XSS via the `newName` and `Name` values of the `/sgms/TreeControl` module. The system enables rapid deployment and centralized management of Dell SonicWALL firewall, anti-spam, backup and recovery, and secure remote access solutions. A remote attacker can use the `newName` and `Name` values of the `/sgms/TreeControl` module to inject malicious script code into the web application of the SonicWall GMS device.

Trust: 1.71

sources: NVD: CVE-2018-5691 // JVNDB: JVNDB-2018-001458 // VULHUB: VHN-135723

AFFECTED PRODUCTS

vendor: sonicwall, model: global management system, scope: lte, version: 8.4

Trust: 1.0

vendor: sonicwall, model: global management system, scope: lte, version: 7.2

Trust: 1.0

vendor: sonicwall, model: analyzer, scope: gte, version: 7.0

Trust: 1.0

vendor: sonicwall, model: global management system, scope: gte, version: 8.1

Trust: 1.0

vendor: sonicwall, model: global management system, scope: gte, version: 7.0

Trust: 1.0

vendor: sonicwall, model: analyzer, scope: lte, version: 7.2

Trust: 1.0

vendor: sonicwall, model: analyzer, scope: gte, version: 8.1

Trust: 1.0

vendor: sonicwall, model: analyzer, scope: lte, version: 8.4

Trust: 1.0

vendor: dell, model: sonicwall global management system, scope: eq, version: 8.1

Trust: 0.8

vendor: sonicwall, model: global management system, scope: eq, version: 8.1

Trust: 0.6

sources: JVNDB: JVNDB-2018-001458 // CNNVD: CNNVD-201801-458 // NVD: CVE-2018-5691

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-5691
value: MEDIUM

Trust: 1.0

NVD: CVE-2018-5691
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201801-458
value: MEDIUM

Trust: 0.6

VULHUB: VHN-135723
value: LOW

Trust: 0.1

nvd@nist.gov: CVE-2018-5691
severity: LOW
baseScore: 3.5
vectorString: AV:N/AC:M/AU:S/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 6.8
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-135723
severity: LOW
baseScore: 3.5
vectorString: AV:N/AC:M/AU:S/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 6.8
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2018-5691
baseSeverity: MEDIUM
baseScore: 5.4
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: REQUIRED
scope: CHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 2.3
impactScore: 2.7
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-135723 // JVNDB: JVNDB-2018-001458 // CNNVD: CNNVD-201801-458 // NVD: CVE-2018-5691

PROBLEMTYPE DATA

problemtype:CWE-79

Trust: 1.9

sources: VULHUB: VHN-135723 // JVNDB: JVNDB-2018-001458 // NVD: CVE-2018-5691

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201801-458

TYPE

XSS

Trust: 0.6

sources: CNNVD: CNNVD-201801-458

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-001458

PATCH

title: SonicWall Global Management System (GMS) Series, url: http://www.dell.com/jp/business/p/sonicwall-gms-series/pd

Trust: 0.8

title: Dell SonicWALL Global Management System Fixes for cross-site scripting vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=77704

Trust: 0.6

sources: JVNDB: JVNDB-2018-001458 // CNNVD: CNNVD-201801-458

EXTERNAL IDS

db: NVD, id: CVE-2018-5691

Trust: 2.5

db: JVNDB, id: JVNDB-2018-001458

Trust: 0.8

db: CNNVD, id: CNNVD-201801-458

Trust: 0.7

db: VULHUB, id: VHN-135723

Trust: 0.1

sources: VULHUB: VHN-135723 // JVNDB: JVNDB-2018-001458 // CNNVD: CNNVD-201801-458 // NVD: CVE-2018-5691

REFERENCES

url:https://www.vulnerability-lab.com/get_content.php?id=1819

Trust: 2.5

url:https://psirt.global.sonicwall.com/vuln-detail/snwlid-2018-0003

Trust: 1.7

url:http://documents.software.dell.com/sonicwall-gms-os/8.2/release-notes/known-issues?parentproduct=867

Trust: 1.7

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-5691

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2018-5691

Trust: 0.8

sources: VULHUB: VHN-135723 // JVNDB: JVNDB-2018-001458 // CNNVD: CNNVD-201801-458 // NVD: CVE-2018-5691

SOURCES

db: VULHUB, id: VHN-135723
db: JVNDB, id: JVNDB-2018-001458
db: CNNVD, id: CNNVD-201801-458
db: NVD, id: CVE-2018-5691

LAST UPDATE DATE

2024-11-23T22:17:39.905000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-135723, date: 2019-03-04T00:00:00
db: JVNDB, id: JVNDB-2018-001458, date: 2018-02-21T00:00:00
db: CNNVD, id: CNNVD-201801-458, date: 2019-03-05T00:00:00
db: NVD, id: CVE-2018-5691, date: 2024-11-21T04:09:10.757

SOURCES RELEASE DATE

db: VULHUB, id: VHN-135723, date: 2018-01-14T00:00:00
db: JVNDB, id: JVNDB-2018-001458, date: 2018-02-21T00:00:00
db: CNNVD, id: CNNVD-201801-458, date: 2018-01-16T00:00:00
db: NVD, id: CVE-2018-5691, date: 2018-01-14T04:29:00.287