Home
Product
Product

Delivering high value, high performance and high experience cutting edge technology products to customers worldwide
CLICK MORE
- SMS
- PAM
- EPV
- DIM
- DBXPEXT
- DAF
- NGDAP
- NGWAF
- DDM
- iLOG
- iSIEM
Solution
Solution

Bringing an efficient, green and innovative Solution and application experience to the world
CLICK MORE
- Operator
- Finance
- Energy
- Medicine
- Government
- Internet
- Educational
- Enterprises
Support
Support

Bringing professional, timely and personalised security services and technical support to customers worldwide
CLICK MORE
Channel
Channel

To provide a win-win, honest and innovative cooperation platform for global partners
CLICK MORE
Video
About Us
About Us

Vertical specialisation Continuous innovation Unique craftsmanship
CLICK MORE

中文

Home
Product

SMS PAM EPV DIM DBXPEXT DAF NGDAP NGWAF DDM iLOG iSIEM
Solution

Operator Finance Energy Medicine Government Internet Educational Enterprises
Support

Security research Security services Training After-sales service
Channel

Cooperation Channel Policy Process
Video
About Us

Company Profile Corporate Culture Qualification News Media Recruit Contact Us
Fund

Social welfare Educational public welfare

Security research

Hanwu Safety Laboratory

Vulnerability warning

Security Bulletin

sonic wall ssl-vpn remote command execution vulnerability

0x00 Vulnerability number

Not yet

0x01 Hazard level

high-risk

0x02 vulnerability overview

The sonic wall ssl-vpn product uses a very old Linux kernel and HTTP CGI executable program, which cannot correctly parse the HTTP header when processing HTTP requests. This vulnerability leads to command injection, which allows remote attackers to gain control privileges.

0x03 version affected

Sonic SMA < 8.0.0.4

0x04 repair suggestions

Users are advised to update the Security version in time:

https://www.sonicwall.com/zh-cn/

0x05 verify exp

https://github.com/darrenmartyn/Visual Door

下一條：security risk notification of ...Previous：None

Return