CVE-2014-8420
published 2014-11-25CVE-2014-8420: The ViewPoint web application in Dell SonicWALL Global Management System (GMS) before 7.2 SP2, SonicWALL Analyzer before 7.2 SP2, and SonicWALL UMA before 7.2…
PriorityP264critical9CVSS 2.0
AVNACLAuSCCICAC
EXPLOIT
EPSS
23.99%
97.6th percentile
The ViewPoint web application in Dell SonicWALL Global Management System (GMS) before 7.2 SP2, SonicWALL Analyzer before 7.2 SP2, and SonicWALL UMA before 7.2 SP2 allows remote authenticated users to execute arbitrary code via unspecified vectors.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| sonicwall | analyzer | — | — |
| sonicwall | global_management_system | — | — |
| sonicwall | gms | — | — |
Detection & IOCsextracted from sources · hover to see the quote
- →Monitor for unauthenticated XML-RPC requests to port 21009 on SonicWall GMS virtual appliances, which is the attack vector for command injection via the set_time_zone function. ↗
- →Detect command injection patterns in the timezone parameter of XML-RPC calls; the shell script is invoked as: timeSetup.sh --tz="`command injection here`" --usentp="blah"', indicating backtick-style command substitution in the --tz argument. ↗
- →Flag execution of timeSetup.sh with suspicious or shell-metacharacter-containing arguments in the --tz parameter as a potential exploitation attempt. ↗
- ·The Metasploit module targets SonicWall GMS Virtual Appliance versions 8.1 (Build 8110.1197) and below with an unauthenticated XML-RPC attack vector, while CVE-2014-8420 as described in NVD specifically covers GMS before 7.2 SP2, Analyzer before 7.2 SP2, and UMA before 7.2 SP2 requiring authentication. These may represent overlapping but distinct vulnerability scopes; verify the exact affected version range before applying detections. ↗
- ·CVE-2014-8420 as documented by NVD requires remote authenticated users, whereas the Metasploit module describes an unauthenticated attack path. Detections should account for both authenticated and unauthenticated XML-RPC abuse scenarios. ↗
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-x3g5-w3fq-h658: The ViewPoint web application in Dell SonicWALL Global Management System (GMS) before 7
ghsa_unreviewed·2022-05-14
CVE-2014-8420 [HIGH] CWE-20 GHSA-x3g5-w3fq-h658: The ViewPoint web application in Dell SonicWALL Global Management System (GMS) before 7
The ViewPoint web application in Dell SonicWALL Global Management System (GMS) before 7.2 SP2, SonicWALL Analyzer before 7.2 SP2, and SonicWALL UMA before 7.2 SP2 allows remote authenticated users to execute arbitrary code via unspecified vectors.
SonicWall
CVE-2014-8420: The ViewPoint web application in Dell SonicWALL Global Management System (GMS) before 7.2 SP2, SonicWALL Analyzer before 7.2 SP2, and SonicWALL UMA be
vendor_sonicwall·2014-11-25·CVSS 9.0
CVE-2014-8420 [CRITICAL] CWE-20 CVE-2014-8420: The ViewPoint web application in Dell SonicWALL Global Management System (GMS) before 7.2 SP2, SonicWALL Analyzer before 7.2 SP2, and SonicWALL UMA be
CVE-2014-8420: The ViewPoint web application in Dell SonicWALL Global Management System (GMS) before 7.2 SP2, SonicWALL Analyzer before 7.2 SP2, and SonicWALL UMA before 7.2 SP2 allows remote authenticated users to execute arbitrary code via unspecified vectors.
No detection rules found.
No writeups or analysis indexed.
http://www.securityfocus.com/bid/71241http://www.zerodayinitiative.com/advisories/ZDI-14-385/https://exchange.xforce.ibmcloud.com/vulnerabilities/98911https://support.software.dell.com/product-notification/136814http://www.securityfocus.com/bid/71241http://www.zerodayinitiative.com/advisories/ZDI-14-385/https://exchange.xforce.ibmcloud.com/vulnerabilities/98911https://support.software.dell.com/product-notification/136814
2014-11-25
Published