Vulnerability Description
A vulnerability in lack of validation of user-supplied parameters pass to XML-RPC calls on SonicWall Global Management System (GMS) virtual appliance's, allow remote user to execute arbitrary code. This vulnerability affected GMS version 8.1 and earlier.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Sonicwall | Global Management System | <= 8.1 |
Related Weaknesses (CWE)
References
- https://github.com/rapid7/metasploit-framework/pull/10305ExploitIssue TrackingThird Party Advisory
- https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2018-0007Third Party Advisory
- https://twitter.com/ddouhine/status/1019251292202586112Third Party Advisory
- https://github.com/rapid7/metasploit-framework/pull/10305ExploitIssue TrackingThird Party Advisory
- https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2018-0007Third Party Advisory
- https://twitter.com/ddouhine/status/1019251292202586112Third Party Advisory
FAQ
What is CVE-2018-9866?
CVE-2018-9866 is a vulnerability with a CVSS score of 9.8 (CRITICAL). A vulnerability in lack of validation of user-supplied parameters pass to XML-RPC calls on SonicWall Global Management System (GMS) virtual appliance's, allow remote user to execute arbitrary code. Th...
How severe is CVE-2018-9866?
CVE-2018-9866 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2018-9866?
Check the references section above for vendor advisories and patch information. Affected products include: Sonicwall Global Management System.