CVE-2018-5691

low-risk
Published 2018-01-14

SonicWall Global Management System (GMS) 8.1 has XSS via the `newName` and `Name` values of the `/sgms/TreeControl` module.

Do I need to act?

-
0.36% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
5
CVSS 5.4/10 Medium
NETWORK / LOW complexity

Affected Products (2)

Affected Vendors

Sonicwall

References (6)

Broken Link http://documents.software.dell.com/sonicwall-gms-os/8.2/release-notes/known-issu...
Vendor Advisory https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2018-0003
Exploit https://www.vulnerability-lab.com/get_content.php?id=1819
Broken Link http://documents.software.dell.com/sonicwall-gms-os/8.2/release-notes/known-issu...
Vendor Advisory https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2018-0003
Exploit https://www.vulnerability-lab.com/get_content.php?id=1819
29
/ 100
low-risk
Severity 21/34 · High
Exploitability 1/34 · Minimal
Exposure 7/34 · Low