Vulnerability Description
The cliserver implementation in Dell SonicWALL GMS, Analyzer, and UMA EM5000 7.2, 8.0, and 8.1 before Hotfix 168056 allows remote attackers to deserialize and execute arbitrary Java code via crafted XML data.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Sonicwall | Uma Em5000 Firmware | 7.2 |
| Sonicwall | Uma Em5000 | - |
| Sonicwall | Analyzer | 7.2 |
| Sonicwall | Global Management System | 7.2 |
Related Weaknesses (CWE)
References
- http://www.securitytracker.com/id/1035015Third Party AdvisoryVDB Entry
- http://www.zerodayinitiative.com/advisories/ZDI-16-163Third Party Advisory
- https://support.software.dell.com/product-notification/185943Vendor Advisory
- http://www.securitytracker.com/id/1035015Third Party AdvisoryVDB Entry
- http://www.zerodayinitiative.com/advisories/ZDI-16-163Third Party Advisory
- https://support.software.dell.com/product-notification/185943Vendor Advisory
FAQ
What is CVE-2016-2397?
CVE-2016-2397 is a vulnerability with a CVSS score of 9.8 (CRITICAL). The cliserver implementation in Dell SonicWALL GMS, Analyzer, and UMA EM5000 7.2, 8.0, and 8.1 before Hotfix 168056 allows remote attackers to deserialize and execute arbitrary Java code via crafted X...
How severe is CVE-2016-2397?
CVE-2016-2397 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2016-2397?
Check the references section above for vendor advisories and patch information. Affected products include: Sonicwall Uma Em5000 Firmware, Sonicwall Uma Em5000, Sonicwall Analyzer, Sonicwall Global Management System.