Sign-up

ID

VAR-201808-0967


CVE

CVE-2018-9866


TITLE

SonicWall Global Management System Input validation vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2018-009009

DESCRIPTION

A vulnerability in lack of validation of user-supplied parameters pass to XML-RPC calls on SonicWall Global Management System (GMS) virtual appliance's, allow remote user to execute arbitrary code. This vulnerability affected GMS version 8.1 and earlier. SonicWall Global Management System (GMS) Contains an input validation vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. SonicWall Global Management System (GMS) is a global management system. The system enables rapid deployment and centralized management of Dell SonicWALL firewall, anti-spam, backup and recovery, and secure remote access solutions. A security vulnerability exists in SonicWall GMS due to the program's failure to validate user-submitted parameters for XML-RPC calls. A remote attacker could exploit this vulnerability to execute arbitrary code

Trust: 1.71

sources: NVD: CVE-2018-9866 // JVNDB: JVNDB-2018-009009 // VULHUB: VHN-139898

AFFECTED PRODUCTS

vendor:sonicwallmodel:global management systemscope:lteversion:8.1

Trust: 1.0

vendor:sonicwallmodel:global management systemscope: - version: -

Trust: 0.8

vendor:sonicwallmodel:global management systemscope:eqversion:8.1

Trust: 0.6

sources: JVNDB: JVNDB-2018-009009 // CNNVD: CNNVD-201808-124 // NVD: CVE-2018-9866

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-9866
value: CRITICAL

Trust: 1.0

NVD: CVE-2018-9866
value: CRITICAL

Trust: 0.8

CNNVD: CNNVD-201808-124
value: CRITICAL

Trust: 0.6

VULHUB: VHN-139898
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2018-9866
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-139898
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2018-9866
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-139898 // JVNDB: JVNDB-2018-009009 // CNNVD: CNNVD-201808-124 // NVD: CVE-2018-9866

PROBLEMTYPE DATA

problemtype:CWE-20

Trust: 1.9

problemtype:CWE-77

Trust: 1.0

sources: VULHUB: VHN-139898 // JVNDB: JVNDB-2018-009009 // NVD: CVE-2018-9866

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201808-124

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-201808-124

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2018-009009

PATCH
title:SNWLID-2018-0007url:https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2018-0007
Trust: 0.8
title:SonicWall Global Management System Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=82823
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2018-009009 // 
            
            
            
            CNNVD: CNNVD-201808-124

EXTERNAL IDS
db:NVDid:CVE-2018-9866
Trust: 2.5
db:JVNDBid:JVNDB-2018-009009
Trust: 0.8
db:CNNVDid:CNNVD-201808-124
Trust: 0.7
db:SEEBUGid:SSVID-97592
Trust: 0.1
db:VULHUBid:VHN-139898
Trust: 0.1
sources:
            
            
            VULHUB: VHN-139898 // 
            
            
            
            JVNDB: JVNDB-2018-009009 // 
            
            
            
            CNNVD: CNNVD-201808-124 // 
            
            
            
            NVD: CVE-2018-9866

REFERENCES
url:https://psirt.global.sonicwall.com/vuln-detail/snwlid-2018-0007
Trust: 1.7
url:https://github.com/rapid7/metasploit-framework/pull/10305
Trust: 1.7
url:https://twitter.com/ddouhine/status/1019251292202586112
Trust: 1.7
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-9866
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2018-9866
Trust: 0.8
sources:
            
            
            VULHUB: VHN-139898 // 
            
            
            
            JVNDB: JVNDB-2018-009009 // 
            
            
            
            CNNVD: CNNVD-201808-124 // 
            
            
            
            NVD: CVE-2018-9866

SOURCES
db:VULHUBid:VHN-139898
db:JVNDBid:JVNDB-2018-009009
db:CNNVDid:CNNVD-201808-124
db:NVDid:CVE-2018-9866

LAST UPDATE DATE
2024-11-23T22:34:08.031000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-139898date:2019-10-09T00:00:00
db:JVNDBid:JVNDB-2018-009009date:2018-11-05T00:00:00
db:CNNVDid:CNNVD-201808-124date:2019-10-17T00:00:00
db:NVDid:CVE-2018-9866date:2024-11-21T04:15:50.170

SOURCES RELEASE DATE
db:VULHUBid:VHN-139898date:2018-08-03T00:00:00
db:JVNDBid:JVNDB-2018-009009date:2018-11-05T00:00:00
db:CNNVDid:CNNVD-201808-124date:2018-08-06T00:00:00
db:NVDid:CVE-2018-9866date:2018-08-03T20:29:00.343