CVE-2014-8420

The ViewPoint web application in Dell SonicWALL Global Management System (GMS) before 7.2 SP2, SonicWALL Analyzer before 7.2 SP2, and SonicWALL UMA before 7.2 SP2 allows remote authenticated users to execute arbitrary code via unspecified vectors.

CVSS v2.0 9.0 HIGH

9.0^/10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:L/Au:S/C:C/I:C/A:C

Exploitability : 8.0 / Impact : 10.0

Access Vector NETWORK

Access Complexity LOW

Authentication SINGLE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
http://www.zerodayinitiative.com/advisories/ZDI-14-385/	Third Party Advisory VDB Entry
https://support.software.dell.com/product-notification/136814	Vendor Advisory
http://www.securityfocus.com/bid/71241	Third Party Advisory VDB Entry
https://exchange.xforce.ibmcloud.com/vulnerabilities/98911	VDB Entry

Configurations

Configuration 1 (hide)

cpe:2.3:a:sonicwall:analyzer:7.2:sp1:*:*:*:*:*:*

Configuration 2 (hide)

cpe:2.3:a:sonicwall:global_management_system:7.2:sp1:*:*:*:*:*:*

Configuration 3 (hide)

cpe:2.3:h:sonicwall:uma_em5000:-:*:*:*:*:*:*:*

Information

Published : 2014-11-25 07:59

Updated : 2018-03-12 10:25

NVD link : CVE-2014-8420

Mitre link : CVE-2014-8420

JSON object : View

CWE

CWE-20

Improper Input Validation

Products Affected

sonicwall

uma_em5000
global_management_system
analyzer

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://www.zerodayinitiative.com/advisories/ZDI-14-385/", "name": "http://www.zerodayinitiative.com/advisories/ZDI-14-385/", "tags": ["Third Party Advisory", "VDB Entry"], "refsource": "MISC"}, {"url": "https://support.software.dell.com/product-notification/136814", "name": "https://support.software.dell.com/product-notification/136814", "tags": ["Vendor Advisory"], "refsource": "CONFIRM"}, {"url": "http://www.securityfocus.com/bid/71241", "name": "71241", "tags": ["Third Party Advisory", "VDB Entry"], "refsource": "BID"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/98911", "name": "dell-sonicwall-cve20148420-code-exec(98911)", "tags": ["VDB Entry"], "refsource": "XF"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "The ViewPoint web application in Dell SonicWALL Global Management System (GMS) before 7.2 SP2, SonicWALL Analyzer before 7.2 SP2, and SonicWALL UMA before 7.2 SP2 allows remote authenticated users to execute arbitrary code via unspecified vectors."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "CWE-20"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2014-8420", "ASSIGNER": "cve@mitre.org"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 9.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "authentication": "SINGLE", "integrityImpact": "COMPLETE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "severity": "HIGH", "impactScore": 10.0, "obtainAllPrivilege": true, "exploitabilityScore": 8.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}}, "publishedDate": "2014-11-25T15:59Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:sonicwall:analyzer:7.2:sp1:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}, {"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:sonicwall:global_management_system:7.2:sp1:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}, {"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:h:sonicwall:uma_em5000:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2018-03-12T17:25Z"}

9.0 /10