Back to KEVs

CVE-2018-9866

A vulnerability in lack of validation of user-supplied parameters pass to XML-RPC calls on SonicWall Global Management System (GMS) virtual...

Basic Information

CVE State
PUBLISHED
Reserved Date
April 09, 2018
Published Date
August 03, 2018
Last Updated
August 05, 2024
Vendor
SonicWall
Product
Global Management System (GMS)
Description
A vulnerability in lack of validation of user-supplied parameters pass to XML-RPC calls on SonicWall Global Management System (GMS) virtual appliance's, allow remote user to execute arbitrary code. This vulnerability affected GMS version 8.1 and earlier.
Tags
edge

CVSS Scores

CVSS v2.0

7.5

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

EPSS Score

Score
12.14% (Percentile: 93.44%) as of 2025-05-24

Exploit Status

Exploited in the Wild
Yes (2025-04-26 00:00:00 UTC) Source

References

https://twitter.com/ddouhine/status/1019251292202586112 https://github.com/rapid7/metasploit-framework/pull/10305 https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2018-0007

Known Exploited Vulnerability Information

Source Added Date
The Shadowserver (via CIRCL) 2025-04-26 00:00:00 UTC

Timeline

  • CVE ID Reserved

  • CVE Published to Public

  • Added to KEVIntel