CVE-2016-2397
published 2016-02-17CVE-2016-2397: The cliserver implementation in Dell SonicWALL GMS, Analyzer, and UMA EM5000 7.2, 8.0, and 8.1 before Hotfix 168056 allows remote attackers to deserialize and…
PriorityP260critical9.8CVSS 3.0
AVNACLPRNUINSUCHIHAH
EPSS
6.44%
92.9th percentile
The cliserver implementation in Dell SonicWALL GMS, Analyzer, and UMA EM5000 7.2, 8.0, and 8.1 before Hotfix 168056 allows remote attackers to deserialize and execute arbitrary Java code via crafted XML data.
Affected
10 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| sonicwall | analyzer | — | — |
| sonicwall | analyzer | — | — |
| sonicwall | analyzer | — | — |
| sonicwall | global_management_system | — | — |
| sonicwall | global_management_system | — | — |
| sonicwall | global_management_system | — | — |
| sonicwall | gms | — | — |
| sonicwall | uma_em5000_firmware | — | — |
| sonicwall | uma_em5000_firmware | — | — |
| sonicwall | uma_em5000_firmware | — | — |
Detection & IOCsextracted from sources · hover to see the quote
- →Detect exploitation attempts targeting the cliserver implementation in Dell SonicWALL GMS, Analyzer, and UMA EM5000 by monitoring for crafted XML data sent to the cliserver endpoint that may contain serialized Java objects ↗
- ·Vulnerable versions are Dell SonicWALL GMS, Analyzer, and UMA EM5000 versions 7.2, 8.0, and 8.1 prior to Hotfix 168056; patched systems running Hotfix 168056 or later are not affected ↗
CVSS provenance
nvdv3.09.8CRITICALCVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvdv2.010.0CRITICALAV:N/AC:L/Au:N/C:C/I:C/A:C
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
SonicWall
CVE-2016-2397: The cliserver implementation in Dell SonicWALL GMS, Analyzer, and UMA EM5000 7.2, 8.0, and 8.1 before Hotfix 168056 allows remote attackers to deseria
vendor_sonicwall·2016-02-17·CVSS 9.8
CVE-2016-2397 [CRITICAL] CWE-77 CVE-2016-2397: The cliserver implementation in Dell SonicWALL GMS, Analyzer, and UMA EM5000 7.2, 8.0, and 8.1 before Hotfix 168056 allows remote attackers to deseria
CVE-2016-2397: The cliserver implementation in Dell SonicWALL GMS, Analyzer, and UMA EM5000 7.2, 8.0, and 8.1 before Hotfix 168056 allows remote attackers to deserialize and execute arbitrary Java code via crafted XML data.
GHSA
GHSA-v2j2-vm4g-crf7: The cliserver implementation in Dell SonicWALL GMS, Analyzer, and UMA EM5000 7
ghsa_unreviewed·2022-05-14
CVE-2016-2397 [CRITICAL] CWE-77 GHSA-v2j2-vm4g-crf7: The cliserver implementation in Dell SonicWALL GMS, Analyzer, and UMA EM5000 7
The cliserver implementation in Dell SonicWALL GMS, Analyzer, and UMA EM5000 7.2, 8.0, and 8.1 before Hotfix 168056 allows remote attackers to deserialize and execute arbitrary Java code via crafted XML data.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
http://www.securitytracker.com/id/1035015http://www.zerodayinitiative.com/advisories/ZDI-16-163https://support.software.dell.com/product-notification/185943http://www.securitytracker.com/id/1035015http://www.zerodayinitiative.com/advisories/ZDI-16-163https://support.software.dell.com/product-notification/185943
2016-02-17
Published