var-201505-0258
Vulnerability from variot
The GMS ViewPoint (GMSVP) web application in Dell SonicWALL GMS, Analyzer, and UMA EM5000 before 7.2 SP4 allows remote authenticated users to execute arbitrary commands via vectors related to configuration. Supplementary information: the vulnerability type has been identified as CWE-19: Data Handling (data processing). Authentication is required to exploit this vulnerability. The specific flaw exists within the GMS ViewPoint (GMSVP) web application. The issue lies in the handling of configuration input: user-supplied data is not safely sanitized before it is used to execute a command. An attacker could leverage this vulnerability to execute code with root privileges on the underlying operating system. Multiple Dell SonicWALL products are prone to a remote code-execution vulnerability. Successful exploitation can completely compromise the vulnerable device. GMS is a global management system for rapid deployment and centralized management of SonicWALL infrastructure. Analyzer is a set of network analyzer software for SonicWALL infrastructure. UMA EM5000 is a set of general management equipment software. The following products and versions are affected: Dell SonicWALL GMS 7.2 SP3 and earlier, Analyzer 7.2 SP3 and earlier, UMA EM5000 7.2 SP3 and earlier. The vendor update that corrects the issue is referenced in the record's "patch" entry (Dell product notification 152178).
{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201505-0258", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "global management system", "scope": "lte", "trust": 1.0, "vendor": "sonicwall", "version": "7.2" }, { "model": "analyzer", "scope": "lte", "trust": 1.0, "vendor": "sonicwall", "version": "7.2" }, { "model": "uma em5000", "scope": "lte", "trust": 1.0, 
"vendor": "sonicwall", "version": "7.2" }, { "model": "sonicwall analyzer", "scope": "lt", "trust": 0.8, "vendor": "dell", "version": "7.2 sp4" }, { "model": "sonicwall global management system", "scope": "lt", "trust": 0.8, "vendor": "dell", "version": "7.2 sp4" }, { "model": "sonicwall e-class universal management appliance em5000", "scope": null, "trust": 0.8, "vendor": "dell", "version": null }, { "model": "sonicwall e-class universal management appliance em5000", "scope": "lt", "trust": 0.8, "vendor": "dell", "version": "7.2 sp4" }, { "model": "gms virtual appliance", "scope": null, "trust": 0.7, "vendor": "sonicwall", "version": null }, { "model": "global management system", "scope": "eq", "trust": 0.6, "vendor": "sonicwall", "version": "7.2" }, { "model": "analyzer", "scope": "eq", "trust": 0.6, "vendor": "sonicwall", "version": "7.2" }, { "model": "uma em5000", "scope": "eq", "trust": 0.6, "vendor": "sonicwall", "version": "7.2" } ], "sources": [ { "db": "ZDI", "id": "ZDI-15-231" }, { "db": "JVNDB", "id": "JVNDB-2015-002771" }, { "db": "CNNVD", "id": "CNNVD-201505-424" }, { "db": "NVD", "id": "CVE-2015-3990" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "cpe_match": [ { "cpe22Uri": "cpe:/a:dell:sonicwall_analyzer", "vulnerable": true }, { "cpe22Uri": "cpe:/a:dell:sonicwall_global_management_system", "vulnerable": true }, { "cpe22Uri": "cpe:/h:dell:sonicwall_uma_em5000", "vulnerable": true }, { "cpe22Uri": "cpe:/o:dell:sonicwall_uma_em5000_firmware", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2015-002771" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": 
"https://www.variotdbs.pl/ref/sources#" } } }, "data": "kernelsmith - HP Zero Day Initiative", "sources": [ { "db": "ZDI", "id": "ZDI-15-231" } ], "trust": 0.7 }, "cve": "CVE-2015-3990", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "author": "nvd@nist.gov", "availabilityImpact": "COMPLETE", "baseScore": 9.0, "confidentialityImpact": "COMPLETE", "exploitabilityScore": 8.0, "id": "CVE-2015-3990", "impactScore": 10.0, "integrityImpact": "COMPLETE", "severity": "HIGH", "trust": 2.5, "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "author": "VULHUB", "availabilityImpact": "COMPLETE", "baseScore": 9.0, "confidentialityImpact": "COMPLETE", "exploitabilityScore": 8.0, "id": "VHN-81951", "impactScore": 10.0, "integrityImpact": "COMPLETE", "severity": "HIGH", "trust": 0.1, "vectorString": "AV:N/AC:L/AU:S/C:C/I:C/A:C", "version": "2.0" } ], "cvssV3": [], "severity": [ { "author": "nvd@nist.gov", "id": "CVE-2015-3990", "trust": 1.0, "value": "HIGH" }, { "author": "NVD", "id": "CVE-2015-3990", "trust": 0.8, "value": "High" }, { "author": "ZDI", "id": "CVE-2015-3990", "trust": 0.7, "value": "HIGH" }, { "author": "CNNVD", "id": "CNNVD-201505-424", "trust": 0.6, "value": 
"CRITICAL" }, { "author": "VULHUB", "id": "VHN-81951", "trust": 0.1, "value": "HIGH" } ] } ], "sources": [ { "db": "ZDI", "id": "ZDI-15-231" }, { "db": "VULHUB", "id": "VHN-81951" }, { "db": "JVNDB", "id": "JVNDB-2015-002771" }, { "db": "CNNVD", "id": "CNNVD-201505-424" }, { "db": "NVD", "id": "CVE-2015-3990" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "The GMS ViewPoint (GMSVP) web application in Dell Sonicwall GMS, Analyzer, and UMA EM5000 before 7.2 SP4 allows remote authenticated users to execute arbitrary commands via vectors related to configuration. Supplementary information : CWE Vulnerability type by CWE-19: Data Handling ( Data processing ) Has been identified. Authentication is required to exploit this vulnerability.The specific flaw exists within the GMS ViewPoint (GMSVP) web application. The issue lies in the handling of configuration input due to a failure to safely sanitize user data before executing a command. An attacker could leverage this vulnerability to execute code with root privileges on the underlying operating system. Multiple Dell SonicWALL Products are prone to a remote code-execution vulnerability. Successful exploitation can completely compromise the vulnerable device. GMS is a global management system for rapid deployment and centralized management of SonicWALL infrastructure. Analyzer is a set of network analyzer software for SonicWALL infrastructure. UMA EM5000 is a set of general management equipment software. 
The following products and versions are affected: Dell Sonicwall GMS 7.2 SP3 and earlier, Analyzer 7.2 SP3 and earlier, UMA EM5000 7.2 SP3 and earlier", "sources": [ { "db": "NVD", "id": "CVE-2015-3990" }, { "db": "JVNDB", "id": "JVNDB-2015-002771" }, { "db": "ZDI", "id": "ZDI-15-231" }, { "db": "BID", "id": "74756" }, { "db": "VULHUB", "id": "VHN-81951" } ], "trust": 2.61 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2015-3990", "trust": 3.5 }, { "db": "ZDI", "id": "ZDI-15-231", "trust": 3.2 }, { "db": "BID", "id": "74756", "trust": 1.4 }, { "db": "SECTRACK", "id": "1032373", "trust": 1.1 }, { "db": "JVNDB", "id": "JVNDB-2015-002771", "trust": 0.8 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-2659", "trust": 0.7 }, { "db": "CNNVD", "id": "CNNVD-201505-424", "trust": 0.7 }, { "db": "VULHUB", "id": "VHN-81951", "trust": 0.1 } ], "sources": [ { "db": "ZDI", "id": "ZDI-15-231" }, { "db": "VULHUB", "id": "VHN-81951" }, { "db": "BID", "id": "74756" }, { "db": "JVNDB", "id": "JVNDB-2015-002771" }, { "db": "CNNVD", "id": "CNNVD-201505-424" }, { "db": "NVD", "id": "CVE-2015-3990" } ] }, "id": "VAR-201505-0258", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VULHUB", "id": "VHN-81951" } ], "trust": 0.01 }, "last_update_date": "2024-11-23T22:01:45.729000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "GMS/Analyzer/UMA Remote Code Execution, XXE, and Host Header Injection Vulnerabilities Resolution - May 2015", 
"trust": 0.8, "url": "https://support.software.dell.com/product-notification/152178" }, { "title": "SonicWALL has issued an update to correct this vulnerability.", "trust": 0.7, "url": "https://support.software.dell.com/product-notification/152178?productName=SonicWALL%20GMS" } ], "sources": [ { "db": "ZDI", "id": "ZDI-15-231" }, { "db": "JVNDB", "id": "JVNDB-2015-002771" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-19", "trust": 1.1 }, { "problemtype": "CWE-Other", "trust": 0.8 } ], "sources": [ { "db": "VULHUB", "id": "VHN-81951" }, { "db": "JVNDB", "id": "JVNDB-2015-002771" }, { "db": "NVD", "id": "CVE-2015-3990" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.5, "url": "http://www.zerodayinitiative.com/advisories/zdi-15-231/" }, { "trust": 1.7, "url": "https://support.software.dell.com/product-notification/152178" }, { "trust": 1.1, "url": "http://www.securityfocus.com/bid/74756" }, { "trust": 1.1, "url": "http://www.securitytracker.com/id/1032373" }, { "trust": 0.8, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-3990" }, { "trust": 0.8, "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-3990" }, { "trust": 0.7, "url": "https://support.software.dell.com/product-notification/152178?productname=sonicwall%20gms" } ], "sources": [ { "db": "ZDI", "id": "ZDI-15-231" }, { "db": "VULHUB", "id": "VHN-81951" }, { "db": "JVNDB", "id": "JVNDB-2015-002771" }, { "db": "CNNVD", "id": "CNNVD-201505-424" }, { "db": "NVD", "id": "CVE-2015-3990" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": 
"@list" } }, "data": [ { "db": "ZDI", "id": "ZDI-15-231" }, { "db": "VULHUB", "id": "VHN-81951" }, { "db": "BID", "id": "74756" }, { "db": "JVNDB", "id": "JVNDB-2015-002771" }, { "db": "CNNVD", "id": "CNNVD-201505-424" }, { "db": "NVD", "id": "CVE-2015-3990" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2015-05-15T00:00:00", "db": "ZDI", "id": "ZDI-15-231" }, { "date": "2015-05-20T00:00:00", "db": "VULHUB", "id": "VHN-81951" }, { "date": "2015-05-21T00:00:00", "db": "BID", "id": "74756" }, { "date": "2015-05-22T00:00:00", "db": "JVNDB", "id": "JVNDB-2015-002771" }, { "date": "2015-05-21T00:00:00", "db": "CNNVD", "id": "CNNVD-201505-424" }, { "date": "2015-05-20T18:59:05.793000", "db": "NVD", "id": "CVE-2015-3990" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2015-05-15T00:00:00", "db": "ZDI", "id": "ZDI-15-231" }, { "date": "2018-03-13T00:00:00", "db": "VULHUB", "id": "VHN-81951" }, { "date": "2015-05-21T00:00:00", "db": "BID", "id": "74756" }, { "date": "2015-05-22T00:00:00", "db": "JVNDB", "id": "JVNDB-2015-002771" }, { "date": "2015-05-21T00:00:00", "db": "CNNVD", "id": "CNNVD-201505-424" }, { "date": "2024-11-21T02:30:13.283000", "db": "NVD", "id": "CVE-2015-3990" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-201505-424" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "plural Dell SonicWALL Product GMS ViewPoint Web An arbitrary command execution 
vulnerability in the application", "sources": [ { "db": "JVNDB", "id": "JVNDB-2015-002771" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Unknown", "sources": [ { "db": "BID", "id": "74756" } ], "trust": 0.3 } }