CVE-2014-8420

The ViewPoint web application in Dell SonicWALL Global Management System (GMS) before 7.2 SP2, SonicWALL Analyzer before 7.2 SP2, and SonicWALL UMA before 7.2 SP2 allows remote authenticated users to execute arbitrary code via unspecified vectors.

CVSS v2.0 9.0 HIGH

9.0^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:L/Au:S/C:C/I:C/A:C

Exploitability : 8.0 / Impact : 10.0

Access Vector NETWORK

Access Complexity LOW

Authentication SINGLE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
http://www.securityfocus.com/bid/71241	Third Party Advisory VDB Entry
http://www.zerodayinitiative.com/advisories/ZDI-14-385/	Third Party Advisory VDB Entry
https://exchange.xforce.ibmcloud.com/vulnerabilities/98911	VDB Entry
https://support.software.dell.com/product-notification/136814	Vendor Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:sonicwall:analyzer:7.2:sp1:*:*:*:*:*:*

Configuration 2 (hide)

cpe:2.3:a:sonicwall:global_management_system:7.2:sp1:*:*:*:*:*:*

Configuration 3 (hide)

cpe:2.3:h:sonicwall:uma_em5000:-:*:*:*:*:*:*:*

History

No history.

Information

Published : 2014-11-25 15:59

Updated : 2024-02-28 12:20

NVD link : CVE-2014-8420

Mitre link : CVE-2014-8420

CVE.ORG link : CVE-2014-8420

JSON object : View

Products Affected

sonicwall

analyzer
uma_em5000
global_management_system

CWE

CWE-20

Improper Input Validation

{"id": "CVE-2014-8420", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 9.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "authentication": "SINGLE", "integrityImpact": "COMPLETE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": true, "exploitabilityScore": 8.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2014-11-25T15:59:04.637", "references": [{"url": "http://www.securityfocus.com/bid/71241", "tags": ["Third Party Advisory", "VDB Entry"], "source": "cve@mitre.org"}, {"url": "http://www.zerodayinitiative.com/advisories/ZDI-14-385/", "tags": ["Third Party Advisory", "VDB Entry"], "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/98911", "tags": ["VDB Entry"], "source": "cve@mitre.org"}, {"url": "https://support.software.dell.com/product-notification/136814", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-20"}]}], "descriptions": [{"lang": "en", "value": "The ViewPoint web application in Dell SonicWALL Global Management System (GMS) before 7.2 SP2, SonicWALL Analyzer before 7.2 SP2, and SonicWALL UMA before 7.2 SP2 allows remote authenticated users to execute arbitrary code via unspecified vectors."}, {"lang": "es", "value": "La aplicaci\u00f3n web ViewPoint en Dell SonicWALL Global Management System (GMS) anterior a 7.2 SP2, SonicWALL Analyzer anterior a 7.2 SP2, y SonicWALL UMA anterior a 7.2 SP2 permite a usuarios remotos autenticados ejecutar c\u00f3digo arbitrario a trav\u00e9s de vectores no especificados."}], "lastModified": "2018-03-12T17:25:44.200", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:sonicwall:analyzer:7.2:sp1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "45C372C6-BEFE-4839-87F6-ECA3E83554DC"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:sonicwall:global_management_system:7.2:sp1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BCBFA0E1-2897-42BB-87F3-19731E95C5DC"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:sonicwall:uma_em5000:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "23315AEF-29C1-4A58-A933-2A4305123D7F"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}