What is CVE-2016-2396?

CVE-2016-2396 is a critical-severity vulnerability in Sonicwall Analyzer, classified under Command Injection. CVSS score: 9.9/10. Published 2016-02-17.

How severe is CVE-2016-2396?

Critical severity. CVSS v3 base score is 9.9 out of 10.

RCE in Sonicwall Analyzer

CVE-2016-2396

The GMS ViewPoint (GMSVP) web application in Dell SonicWALL GMS, Analyzer, and UMA EM5000 7.2, 8.0, and 8.1 before Hotfix 168056 allows remote authenticated users to execute arbitrary commands via vectors related to configuration input.

Vulnerability class: Command Injection (OS Command Injection)

EPSS: 0.006 (69.5th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 9.9 (Critical). Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H.

Affected products

Sonicwall Analyzer — versions 7.2, 8.0, 8.1
Sonicwall Global_management_system — versions 7.2, 8.0, 8.1
Sonicwall Uma_em5000
Sonicwall Uma_em5000_firmware — versions 7.2, 8.0, 8.1
N/a — versions n/a

Weakness classification (CWE)

CWE-77 — Command Injection

References

1035015 (vdb-entry, x_refsource_SECTRACK)
zdi-disclosures@trendmicro.com (x_refsource_MISC)
zdi-disclosures@trendmicro.com (x_refsource_CONFIRM)

Frequently asked questions

What is CVE-2016-2396?: CVE-2016-2396 is a critical-severity vulnerability in Sonicwall Analyzer, classified under Command Injection. CVSS score: 9.9/10. Published 2016-02-17.
How severe is CVE-2016-2396?: Critical severity. CVSS v3 base score is 9.9 out of 10.