CVE-2014-8420

Sonicwall Analyzer - Improper Input Validation

Title source: rule

Description

The ViewPoint web application in Dell SonicWALL Global Management System (GMS) before 7.2 SP2, SonicWALL Analyzer before 7.2 SP2, and SonicWALL UMA before 7.2 SP2 allows remote authenticated users to execute arbitrary code via unspecified vectors.

Exploits (1)

metasploit WORKING POC EXCELLENT

by Michael Flanders, kernelsmith · rubypoc

https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/unix/sonicwall/sonicwall_xmlrpc_rce.rb

View Code ZIP pw:eip

References (4)

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/71241

[Third Party Advisory, VDB Entry] http://www.zerodayinitiative.com/advisories/ZDI-14-385/

[VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/98911

[Vendor Advisory] https://support.software.dell.com/product-notification/136814

Scores

EPSS 0.7381

EPSS Percentile 98.8%

Details

CWE

CWE-20

Status published

Products (3)

sonicwall/analyzer 7.2 sp1

sonicwall/global_management_system 7.2 sp1

sonicwall/uma_em5000

Published Nov 25, 2014

Tracked Since Feb 18, 2026