CVE-2007-5815

SonicWall SSL-VPN <2.1-2.5 - Path Traversal

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2007-5815. PoCs published by Will Dormann.

AI-analyzed exploit summary This exploit demonstrates a file deletion vulnerability in the SonicWALL SSL VPN Client via an ActiveX control. It creates an object of 'MLWebCacheCleaner.WebCacheCleaner.1' and calls the 'FileDelete' method to delete an arbitrary file.

Description

Absolute path traversal vulnerability in the WebCacheCleaner ActiveX control 1.3.0.3 in SonicWall SSL-VPN 200 before 2.1, and SSL-VPN 2000/4000 before 2.5, allows remote attackers to delete arbitrary files via a full pathname in the argument to the FileDelete method.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Will Dormann · textremotewindows

https://www.exploit-db.com/exploits/30730

View Code ZIP pw:eip

This exploit demonstrates a file deletion vulnerability in the SonicWALL SSL VPN Client via an ActiveX control. It creates an object of 'MLWebCacheCleaner.WebCacheCleaner.1' and calls the 'FileDelete' method to delete an arbitrary file.

Classification

Working Poc 90%

Attack Type

Other

Complexity

Trivial

Reliability

Reliable

Target: SonicWALL SSL VPN Client 1.3.0.3

No auth needed

Prerequisites: ActiveX controls enabled in the target environment · Access to execute VBScript on the target system

MITRE ATT&CK