CVE-2018-9866

Description

A vulnerability in lack of validation of user-supplied parameters pass to XML-RPC calls on SonicWall Global Management System (GMS) virtual appliance's, allow remote user to execute arbitrary code. This vulnerability affected GMS version 8.1 and earlier.

CVSS breakdown

CVSS 3.1

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Affected products

SonicWall / Global Management System (GMS)8.1 and earlier – 8.1 and earlier

References

MISChttps://twitter.com/ddouhine/status/1019251292202586112
EXPLOIThttps://github.com/rapid7/metasploit-framework/pull/10305
VENDOR_ADVISORYhttps://psirt.global.sonicwall.com/vuln-detail/SNWLID-2018-0007