CVE-2016-9683

high-risk
Published 2017-02-22

The SonicWall Secure Remote Access server (version 8.1.0.2-14sv) is vulnerable to a Remote Command Injection vulnerability in its web administrative interface. This vulnerability occurs in the 'extensionsettings' CGI (/cgi-bin/extensionsettings) component responsible for handling some of the server's internal configurations. The CGI application doesn't properly escape the information it's passed when processing a particular multi-part form request involving scripts. The filename of the 'scriptname' variable is read in unsanitized before a call to system() is performed - allowing for remote command injection. Exploitation of this vulnerability yields shell access to the remote machine under the nobody user account. This is SonicWall Issue ID 181195.

Do I need to act?

!
22.0% chance of exploitation in next 30 days
EPSS score — higher than 78% of all CVEs
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
!
1 public exploit available
41415
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
9
CVSS 9.8/10 Critical
NETWORK / LOW complexity

Affected Products (1)

Affected Vendors

Dell

References (8)

Release Notes http://documents.software.dell.com/sonicwall-sma-100-series/8.1.0.7/release-note...
http://pastebin.com/eJbeXgBr
http://www.securityfocus.com/bid/96375
https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2016-0004
Release Notes http://documents.software.dell.com/sonicwall-sma-100-series/8.1.0.7/release-note...
http://pastebin.com/eJbeXgBr
http://www.securityfocus.com/bid/96375
https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2016-0004
51
/ 100
high-risk
Severity 32/34 · Critical
Exploitability 14/34 · Moderate
Exposure 5/34 · Minimal