cbcvebase.
CVE-2016-2397
published 2016-02-17

CVE-2016-2397: The cliserver implementation in Dell SonicWALL GMS, Analyzer, and UMA EM5000 7.2, 8.0, and 8.1 before Hotfix 168056 allows remote attackers to deserialize and…

PriorityP260critical9.8CVSS 3.0
AVNACLPRNUINSUCHIHAH
EPSS
6.44%
92.9th percentile
The cliserver implementation in Dell SonicWALL GMS, Analyzer, and UMA EM5000 7.2, 8.0, and 8.1 before Hotfix 168056 allows remote attackers to deserialize and execute arbitrary Java code via crafted XML data.

Affected

10 ranges
VendorProductVersion rangeFixed in
sonicwallanalyzer
sonicwallanalyzer
sonicwallanalyzer
sonicwallglobal_management_system
sonicwallglobal_management_system
sonicwallglobal_management_system
sonicwallgms
sonicwalluma_em5000_firmware
sonicwalluma_em5000_firmware
sonicwalluma_em5000_firmware

Detection & IOCsextracted from sources · hover to see the quote

  • Detect exploitation attempts targeting the cliserver implementation in Dell SonicWALL GMS, Analyzer, and UMA EM5000 by monitoring for crafted XML data sent to the cliserver endpoint that may contain serialized Java objects
  • ·Vulnerable versions are Dell SonicWALL GMS, Analyzer, and UMA EM5000 versions 7.2, 8.0, and 8.1 prior to Hotfix 168056; patched systems running Hotfix 168056 or later are not affected

CVSS provenance

nvdv3.09.8CRITICALCVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvdv2.010.0CRITICALAV:N/AC:L/Au:N/C:C/I:C/A:C
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.