CVE-2007-6273

SonicWALL Global VPN Client <4.0.0.810 - RCE

Exploitation Summary

EIP tracks 1 public exploit for CVE-2007-6273. PoCs published by SEC Consult.

AI-analyzed exploit summary: This exploit demonstrates a format-string vulnerability in SonicWALL Global VPN Client. The PoC uses malformed format specifiers in the 'Connection name' and 'HostName' fields to trigger the vulnerability, potentially leading to arbitrary code execution or denial-of-service.

Description

Multiple format string vulnerabilities in the configuration file in SonicWALL Global VPN Client 3.1.556 and 4.0.0.810 allow user-assisted remote attackers to execute arbitrary code via format string specifiers in the (1) Hostname tag or the (2) name attribute in the Connection tag. NOTE: there might not be any realistic circumstances in which this issue crosses privilege boundaries.

Exploits (1)

exploitdb · WORKING POC · VERIFIED
by SEC Consult · text · dos · windows
https://www.exploit-db.com/exploits/30840

Classification: Working PoC 90%
Attack Type: RCE
Complexity: Trivial
Reliability: Theoretical
Target: SonicWALL Global VPN Client < 4.0.0.830
No auth needed
Prerequisites: Network access to the target system · SonicWALL Global VPN Client installed and running
devstral-2 · analyzed Feb 16, 2026

References (6)

Core References
Exploit x_refsource_misc
http://www.sec-consult.com/305.html
Exploit mailing-list x_refsource_bugtraq
http://marc.info/?l=bugtraq&m=119678272603064&w=2
Exploit vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/26689
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id?1019038
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2007/4094
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/27917

Scores

EPSS 0.0620
EPSS Percentile 92.6%

Details

CWE: CWE-134
Status: published
Products (2):
sonicwall/global_vpn_client 3.1.556
sonicwall/global_vpn_client 4.0.0.810
Published: Dec 07, 2007
Tracked Since: Feb 18, 2026