module
SonicWALL SSL-VPN Format String Vulnerability
| Disclosed | Created |
|---|---|
| 2009-05-29 | 2018-05-30 |
Disclosed
2009-05-29
Created
2018-05-30
Description
There is a format string vulnerability within the SonicWALL
SSL-VPN Appliance - 200, 2000 and 4000 series. Arbitrary memory
can be read or written to, depending on the format string used.
There appears to be a length limit of 127 characters of format
string data. With physical access to the device and debugging,
this module may be able to be used to execute arbitrary code remotely.
SSL-VPN Appliance - 200, 2000 and 4000 series. Arbitrary memory
can be read or written to, depending on the format string used.
There appears to be a length limit of 127 characters of format
string data. With physical access to the device and debugging,
this module may be able to be used to execute arbitrary code remotely.
Author
aushack patrick@osisecurity.com.au
References
Module Options
To display the available options, load the module within the Metasploit console and run the commands ‘show options’ or ‘show advanced’:
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.