What is CVE-2014-8420?

CVE-2014-8420 is a vulnerability in Sonicwall Analyzer, classified under Improper Input Validation. Published 2014-11-25.

Is CVE-2014-8420 known to be exploited?

1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Improper input validation in Sonicwall Analyzer

CVE-2014-8420

The ViewPoint web application in Dell SonicWALL Global Management System (GMS) before 7.2 SP2, SonicWALL Analyzer before 7.2 SP2, and SonicWALL UMA before 7.2 SP2 allows remote authenticated users to execute arbitrary code via unspecified…

Vulnerability class: Drupalgeddon 2 (CVE-2018-7600)

EPSS: 0.738 (98.8th percentile) — read the EPSS interpretation.

Affected products

Sonicwall Analyzer — versions 7.2
Sonicwall Global_management_system — versions 7.2
Sonicwall Uma_em5000
N/a — versions n/a

Weakness classification (CWE)

CWE-20 — Improper Input Validation

Public proof-of-concept exploits

rapid7/metasploit-framework

References

cve@mitre.org (x_refsource_CONFIRM, Vendor Advisory)
dell-sonicwall-cve20148420-code-exec(98911) (VDB Entry, vdb-entry, x_refsource_XF)
cve@mitre.org (VDB Entry, Third Party Advisory, x_refsource_MISC)
71241 (Third Party Advisory, VDB Entry, vdb-entry, x_refsource_BID)

Frequently asked questions

What is CVE-2014-8420?: CVE-2014-8420 is a vulnerability in Sonicwall Analyzer, classified under Improper Input Validation. Published 2014-11-25.
Is CVE-2014-8420 known to be exploited?: 1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.