module
SonicWall Global Management System XMLRPC set_time_zone Unauth RCE
| Disclosed | Created |
|---|---|
| 2016-07-22 | 2019-03-19 |
Disclosed
2016-07-22
Created
2019-03-19
Description
This module exploits a vulnerability in SonicWall Global
Management System Virtual Appliance versions 8.1 (Build 8110.1197)
and below. This virtual appliance can be downloaded from
http://www.sonicwall.com/products/sonicwall-gms/ and is used 'in a
holistic way to manage your entire network security environment.'
These vulnerable versions (8.1 Build 8110.1197 and below) do not
prevent unauthenticated, external entities from making XML-RPC
requests to port 21009 of the virtual app. After the XML-RPC call
is made, a shell script is called like so:
'timeSetup.sh --tz="`command injection here`"' --usentp="blah"'.
Management System Virtual Appliance versions 8.1 (Build 8110.1197)
and below. This virtual appliance can be downloaded from
http://www.sonicwall.com/products/sonicwall-gms/ and is used 'in a
holistic way to manage your entire network security environment.'
These vulnerable versions (8.1 Build 8110.1197 and below) do not
prevent unauthenticated, external entities from making XML-RPC
requests to port 21009 of the virtual app. After the XML-RPC call
is made, a shell script is called like so:
'timeSetup.sh --tz="`command injection here`"' --usentp="blah"'.
Authors
Michael Flanders
kernelsmith
kernelsmith
Platform
Unix
Architectures
cmd
References
Module Options
To display the available options, load the module within the Metasploit console and run the commands ‘show options’ or ‘show advanced’:
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.