A Stack-based buffer overflow vulnerability in SMA100 Apache httpd server's mod_cgi module environment variables allows a remote unauthenticated malicious user to potentially execute code as a 'nobody' user in the appliance. This vulnerability affected SMA 200, 210, 400, 410 and 500v appliances firmware 10.2.0.8-37sv, 10.2.1.1-19sv, 10.2.1.2-24sv and previous versions versions.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
sonicwall sma_200_firmware 10.2.0.8-37sv |
||
sonicwall sma_200_firmware 10.2.1.1-19sv |
||
sonicwall sma_200_firmware 10.2.1.2-24sv |
||
sonicwall sma_210_firmware 10.2.0.8-37sv |
||
sonicwall sma_210_firmware 10.2.1.1-19sv |
||
sonicwall sma_210_firmware 10.2.1.2-24sv |
||
sonicwall sma_410_firmware 10.2.0.8-37sv |
||
sonicwall sma_410_firmware 10.2.1.1-19sv |
||
sonicwall sma_410_firmware 10.2.1.2-24sv |
||
sonicwall sma_400_firmware 10.2.0.8-37sv |
||
sonicwall sma_400_firmware 10.2.1.1-19sv |
||
sonicwall sma_400_firmware 10.2.1.2-24sv |
||
sonicwall sma_500v_firmware 10.2.0.8-37sv |
||
sonicwall sma_500v_firmware 10.2.1.1-19sv |
||
sonicwall sma_500v_firmware 10.2.1.2-24sv |
Get our weekly newsletter Nothing like topping off unauth'd remote code execution with a su password of ... password
Technical details and exploitation notes have been published for a remote-code-execution vulnerability in Sonicwall SMA 100 series VPN appliances. The information was released today by infosec outfit Rapid7. This comes about a month after Sonicwall issued a patch for the security hole, which was discovered and privately disclosed by Rapid7's Jake Baines to Sonicwall in October. If you haven't yet applied the update, now would be a good time before it's widely exploited. So far there is no eviden...