Vulnerability Description
The GMS ViewPoint (GMSVP) web application in Dell SonicWALL GMS, Analyzer, and UMA EM5000 7.2, 8.0, and 8.1 before Hotfix 168056 allows remote authenticated users to execute arbitrary commands via vectors related to configuration input.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Sonicwall | Analyzer | 7.2 |
| Sonicwall | Global Management System | 7.2 |
| Sonicwall | Uma Em5000 Firmware | 7.2 |
| Sonicwall | Uma Em5000 | - |
Related Weaknesses (CWE)
References
- http://www.securitytracker.com/id/1035015
- http://www.zerodayinitiative.com/advisories/ZDI-16-164
- https://support.software.dell.com/product-notification/185943
- http://www.securitytracker.com/id/1035015
- http://www.zerodayinitiative.com/advisories/ZDI-16-164
- https://support.software.dell.com/product-notification/185943
FAQ
What is CVE-2016-2396?
CVE-2016-2396 is a vulnerability with a CVSS score of 9.9 (CRITICAL). The GMS ViewPoint (GMSVP) web application in Dell SonicWALL GMS, Analyzer, and UMA EM5000 7.2, 8.0, and 8.1 before Hotfix 168056 allows remote authenticated users to execute arbitrary commands via vec...
How severe is CVE-2016-2396?
CVE-2016-2396 has been rated CRITICAL with a CVSS base score of 9.9/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2016-2396?
Check the references section above for vendor advisories and patch information. Affected products include: Sonicwall Analyzer, Sonicwall Global Management System, Sonicwall Uma Em5000 Firmware, Sonicwall Uma Em5000.