| Title | 複数の Dell SonicWALL 製品の GMS ViewPoint Web アプリケーションにおける任意のコマンドを実行される脆弱性 |
|---|---|
| Summary | Dell SonicWALL GMS、Analyzer、および UMA EM5000 の GMS ViewPoint (GMSVP) Web アプリケーションには、任意のコマンドを実行される脆弱性が存在します。 補足情報 : CWE による脆弱性タイプは、CWE-77: Improper Neutralization of Special Elements used in a Command (コマンドインジェクション) と識別されています。 http://cwe.mitre.org/data/definitions/77.html |
| Possible impacts | リモート認証されたユーザにより、設定入力に関する処理を介して、任意のコマンドを実行される可能性があります。 |
| Solution | ベンダより正式な対策が公開されています。ベンダ情報を参照して適切な対策を実施してください。 |
| Publication Date | Feb. 10, 2016, midnight |
| Registration Date | March 3, 2016, 4:48 p.m. |
| Last Update | March 3, 2016, 4:48 p.m. |
| CVSS2.0 : 危険 | |
| Score | 9 |
|---|---|
| Vector | AV:N/AC:L/Au:S/C:C/I:C/A:C |
| デル |
| Dell SonicWALL Analyzer 7.2 |
| Dell SonicWALL Analyzer 8.0 |
| Dell SonicWALL Analyzer 8.1 |
| Dell SonicWALL Analyzer 7.2 |
| Dell SonicWALL Analyzer 8.0 |
| Dell SonicWALL Analyzer 8.1 |
| Dell SonicWALL Global Management System 7.2 |
| Dell SonicWALL Global Management System 8.0 |
| Dell SonicWALL Global Management System 8.1 |
| Dell SonicWALL Global Management System 7.2 |
| Dell SonicWALL Global Management System 8.0 |
| Dell SonicWALL Global Management System 8.1 |
| SonicWALL E-Class Universal Management Appliance EM5000 |
| SonicWALL E-Class Universal Management Appliance EM5000 |
| SonicWALL E-Class Universal Management Appliance EM5000 ファームウェア 7.2 |
| SonicWALL E-Class Universal Management Appliance EM5000 ファームウェア 8.0 |
| SonicWALL E-Class Universal Management Appliance EM5000 ファームウェア 8.1 |
| SonicWALL E-Class Universal Management Appliance EM5000 ファームウェア 7.2 |
| SonicWALL E-Class Universal Management Appliance EM5000 ファームウェア 8.0 |
| SonicWALL E-Class Universal Management Appliance EM5000 ファームウェア 8.1 |
| No | Changed Details | Date of change |
|---|---|---|
| 0 | [2016年03月03日] 掲載 |
Feb. 17, 2018, 10:37 a.m. |
| Summary | The GMS ViewPoint (GMSVP) web application in Dell SonicWALL GMS, Analyzer, and UMA EM5000 7.2, 8.0, and 8.1 before Hotfix 168056 allows remote authenticated users to execute arbitrary commands via vectors related to configuration input. |
|---|---|
| Publication Date | Feb. 18, 2016, 12:59 a.m. |
| Registration Date | Jan. 26, 2021, 2:08 p.m. |
| Last Update | Nov. 21, 2024, 11:48 a.m. |
| Configuration1 | or higher | or less | more than | less than | |
| cpe:2.3:a:sonicwall:analyzer:7.2:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:sonicwall:analyzer:8.0:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:sonicwall:analyzer:8.1:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:sonicwall:global_management_system:7.2:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:sonicwall:global_management_system:8.0:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:sonicwall:global_management_system:8.1:*:*:*:*:*:*:* | |||||
| Configuration2 | or higher | or less | more than | less than | |
| cpe:2.3:o:sonicwall:uma_em5000_firmware:7.2:*:*:*:*:*:*:* | |||||
| cpe:2.3:o:sonicwall:uma_em5000_firmware:8.0:*:*:*:*:*:*:* | |||||
| cpe:2.3:o:sonicwall:uma_em5000_firmware:8.1:*:*:*:*:*:*:* | |||||
| execution environment | |||||
| 1 | cpe:2.3:h:sonicwall:uma_em5000:-:*:*:*:*:*:*:* | ||||