Multiple format string vulnerabilities in the configuration file in SonicWALL GLobal VPN Client 3.1.556 and 4.0.0.810 allow user-assisted…
mitre·CWE-134·Published 2007-12-07
Multiple format string vulnerabilities in the configuration file in SonicWALL GLobal VPN Client 3.1.556 and 4.0.0.810 allow user-assisted remote attackers to execute arbitrary code via format string specifiers in the (1) Hostname tag or the (2) name attribute in the Connection tag. NOTE: there might not be any realistic circumstances in which this issue crosses privilege boundaries.
Multiple format string vulnerabilities in the configuration file in SonicWALL GLobal VPN Client 3.1.556 and 4.0.0.810 allow user-assisted remote attackers to execute arbitrary code via format string specifiers in the (1) Hostname tag or the (2) name attribute in the Connection tag. NOTE: there might not be any realistic circumstances in which this issue crosses privilege boundaries.
Múltiples vulnerabilidades de cadena de formato en el fichero de configuracion SonicWALL GLobal VPN Client 3.1.556 y 4.0.0.810. Permite que atacantes remotos ejecuten código a su elección, usando especificadores de cadena de formato en : (1) la etiqueta Hostname o el (2) atributo name en la etiqueta Connection. NOTA: puede que no existan circunstancias reales en las cuales este problema permita cruzar los límites establecidos por los privilegios.
| Version | Type | Source | Base | Exp | Impact | Vector |
|---|---|---|---|---|---|---|
| 2.0 | Primary | NVD | 9.3 | 8.6 | 10.0 | AV:N/AC:M/Au:N/C:C/I:C/A:C |