SonicWall GMS Remote Code Execution Vulnerability
Vulnerability information
Vulnerability name: SonicWall GMS Remote Code Execution Vulnerability
Vulnerability ID:
- CVE: CVE-2018-9866
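Vulnerability type: Command execution
Severity: Critical
Vulnerability description:
Affected product
SonicWall GMS (Global Management System) is a network security management solution from SonicWall, widely used in enterprise network environments to centrally manage and monitor SonicWall firewalls and other security appliances. Many organizations favor the product for its powerful features and ease of management.
Vulnerability details
This is a command execution vulnerability present in SonicWall GMS 8.1 and earlier. Its root cause is insufficient validation of user-supplied parameters passed to XML-RPC calls. By crafting a malicious XML-RPC request, an attacker can exploit this flaw to execute arbitrary code on the target system. Because exploitation requires remote access, the attacker typically needs direct or indirect network access to the target system.
Impact analysis
The vulnerability is rated "Critical" because it allows a remote attacker to execute arbitrary code without user interaction, which can lead to full control of the system. An attacker can use it for data exfiltration, service disruption, or other malicious activity. Because exploitation requires no authentication and can be automated, it poses a significant security threat to organizations running affected versions of SonicWall GMS. Promptly updating to a fixed version is the key measure for mitigating this risk.
Vendor: SonicWall
Product: SonicWall GMS
Affected versions: version <= 8.1
Source: https://github.com/projectdiscovery/nuclei-templates/issues/12748
Type: projectdiscovery/nuclei-templates:github issues
Source summary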
Description:
SonicWall GMS versions 8.1 and earlier contain a lack of validation of user-supplied parameters passed to XML-RPC calls, letting remote attackers execute arbitrary code; exploitation requires remote access.
Severity: Critical
POC:
KEV: True
Shodan Query: NA
Acceptance Criteria: The template must include a complete POC and should not rely solely on version-based detection. Contributors are required to provide debug data (-debug) along with the template to help the triage team with validation or can also share a vulnerable environment like docker file.
Rewards will only be given once the template is fully validated by the team. Templates that are incomplete or invalid will not be accepted. Avoid adding code templates for CVEs that can be achieved using HTTP, TCP, or JavaScript. Such templates are blocked by default and won’t produce results, so we prioritize creating templates with other protocols unless exceptions are made.
You can check the FAQ for the Nuclei Templates Community Rewards Program here.