CVE-2014-8420
published 2014-11-25

Priority: P2 64 · critical · 9 (CVSS 2.0)
Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C
EXPLOIT
EPSS: 23.99% (97.6th percentile)

The ViewPoint web application in Dell SonicWALL Global Management System (GMS) before 7.2 SP2, SonicWALL Analyzer before 7.2 SP2, and SonicWALL UMA before 7.2 SP2 allows remote authenticated users to execute arbitrary code via unspecified vectors.

Affected

3 ranges
Vendor | Product | Version range | Fixed in
sonicwall | analyzer | |
sonicwall | global_management_system | |
sonicwall | gms | |

Detection & IOCs (extracted from sources)

port: 21009
  • Monitor for unauthenticated XML-RPC requests to port 21009 on SonicWall GMS virtual appliances, which is the attack vector for command injection via the set_time_zone function.
  • Detect command injection patterns in the timezone parameter of XML-RPC calls; the shell script is invoked as: timeSetup.sh --tz="`command injection here`" --usentp="blah", indicating backtick-style command substitution in the --tz argument.
  • Flag execution of timeSetup.sh with suspicious or shell-metacharacter-containing arguments in the --tz parameter as a potential exploitation attempt.
  • The Metasploit module targets SonicWall GMS Virtual Appliance versions 8.1 (Build 8110.1197) and below with an unauthenticated XML-RPC attack vector, while CVE-2014-8420 as described in NVD specifically covers GMS before 7.2 SP2, Analyzer before 7.2 SP2, and UMA before 7.2 SP2 requiring authentication. These may represent overlapping but distinct vulnerability scopes; verify the exact affected version range before applying detections.
  • CVE-2014-8420 as documented by NVD requires remote authenticated users, whereas the Metasploit module describes an unauthenticated attack path. Detections should account for both authenticated and unauthenticated XML-RPC abuse scenarios.
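
One way to implement the timeSetup.sh check from the bullets above, as an added example (not code from the sources this page quotes). It assumes process telemetry records the command string as handed to the shell, one per line; the sample lines are constructed, and the check goes beyond backticks to other shell syntax that cannot appear in a timezone name.

```python
import re

# tz database names: "UTC", "America/New_York", "America/Argentina/Buenos_Aires"
TZ_NAME = re.compile(r"[A-Za-z0-9_+-]+(?:/[A-Za-z0-9_+-]+){0,2}")
# Shell syntax that has no place in a timezone name.
META = {"`": "backtick substitution", "$": "$ expansion", ";": "command separator",
        "|": "pipe", "&": "background/AND", ">": "redirect", "<": "redirect",
        "\n": "newline", '"': "embedded quote", "'": "embedded quote"}
# Capture everything between --tz= and the following --usentp= (or end of line).
TZ_ARG = re.compile(r"--tz=(.*?)(?=\s+--usentp=|\Z)", re.S)

def check_cmdline(cmdline):
    """Return None for unrelated or benign lines, else a list of reasons."""
    if "timeSetup.sh" not in cmdline:
        return None
    m = TZ_ARG.search(cmdline)
    if m is None:
        return None
    value = m.group(1).strip()
    if len(value) >= 2 and value[0] == value[-1] == '"':
        value = value[1:-1]  # drop the wrapper's own double quotes
    if TZ_NAME.fullmatch(value):
        return None  # allowlist match: looks like a real timezone name
    reasons = sorted({why for ch, why in META.items() if ch in value})
    return reasons or ["not a tz database name"]

def scan(lines):
    """Return (line_number, reasons) for every suspicious timeSetup.sh call."""
    hits = []
    for n, line in enumerate(lines, 1):
        reasons = check_cmdline(line)
        if reasons:
            hits.append((n, reasons))
    return hits

# Constructed sample telemetry; "command injection here" is the page's placeholder.
SAMPLE = [
    'sh -c timeSetup.sh --tz="America/New_York" --usentp="blah"',
    'sh -c timeSetup.sh --tz="`command injection here`" --usentp="blah"',
    '/usr/sbin/ntpd -g',
    'sh -c timeSetup.sh --tz="UTC$(placeholder)" --usentp="blah"',
]

if __name__ == "__main__":
    for lineno, why in scan(SAMPLE):
        print(f"line {lineno}: suspicious --tz value ({', '.join(why)})")
```

Matching against an allowlist of timezone-name characters first, and only then naming the metacharacters found, means values that are merely malformed are still flagged.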