Vulnerability CVE-2015-3990


Published: 2015-05-20   Modified: 2015-05-21

Description:
The GMS ViewPoint (GMSVP) web application in Dell Sonicwall GMS, Analyzer, and UMA EM5000 before 7.2 SP4 allows remote authenticated users to execute arbitrary commands via vectors related to configuration.

Type:

CWE-19

(Data Handling)

CVSS2 => (AV:N/AC:L/Au:S/C:C/I:C/A:C)

CVSS Base Score
Impact Subscore
Exploitability Subscore
9/10
10/10
8/10
Exploit range
Attack complexity
Authentication
Remote
Low
Single time
Confidentiality impact
Integrity impact
Availability impact
Complete
Complete
Complete
Affected software
Sonicwall -> Analyzer 
Sonicwall -> Global management system 
Sonicwall -> Uma em5000 firmware 
DELL -> Sonicwall analyzer 
DELL -> Sonicwall global management system 
DELL -> Sonicwall umaem5000 firmware 

 References:
http://www.securityfocus.com/bid/74756
http://www.securitytracker.com/id/1032373
http://www.zerodayinitiative.com/advisories/ZDI-15-231/
https://support.software.dell.com/product-notification/152178

Copyright 2020, cxsecurity.com

 

Back to Top