9.9
CVE-2016-2396
- EPSS 0.59%
- Veröffentlicht 17.02.2016 15:59:06
- Zuletzt bearbeitet 12.04.2025 10:46:40
- Quelle zdi-disclosures@trendmicro.com
- Teams Watchlist Login
- Unerledigt Login
The GMS ViewPoint (GMSVP) web application in Dell SonicWALL GMS, Analyzer, and UMA EM5000 7.2, 8.0, and 8.1 before Hotfix 168056 allows remote authenticated users to execute arbitrary commands via vectors related to configuration input.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Sonicwall ≫ Global Management System Version7.2
Sonicwall ≫ Global Management System Version8.0
Sonicwall ≫ Global Management System Version8.1
Sonicwall ≫ Uma Em5000 Firmware Version7.2
Sonicwall ≫ Uma Em5000 Firmware Version8.0
Sonicwall ≫ Uma Em5000 Firmware Version8.1
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.59% | 0.68 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 9.9 | 3.1 | 6 |
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
|
| nvd@nist.gov | 9 | 8 | 10 |
AV:N/AC:L/Au:S/C:C/I:C/A:C
|
CWE-77 Improper Neutralization of Special Elements used in a Command ('Command Injection')
The product constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component.