Vulnerability Details : CVE-2015-3990
The GMS ViewPoint (GMSVP) web application in Dell Sonicwall GMS, Analyzer, and UMA EM5000 before 7.2 SP4 allows remote authenticated users to execute arbitrary commands via vectors related to configuration.
Products affected by CVE-2015-3990
- cpe:2.3:a:sonicwall:analyzer:*:*:*:*:*:*:*:*
- cpe:2.3:a:sonicwall:global_management_system:*:*:*:*:*:*:*:*
- cpe:2.3:o:sonicwall:uma_em5000_firmware:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2015-3990
12.53%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 96 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2015-3990
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
9.0
|
HIGH | AV:N/AC:L/Au:S/C:C/I:C/A:C |
8.0
|
10.0
|
NIST |
CWE ids for CVE-2015-3990
-
Assigned by: nvd@nist.gov (Primary)
References for CVE-2015-3990
-
http://www.zerodayinitiative.com/advisories/ZDI-15-231/
ZDI-15-231 | Zero Day InitiativeThird Party Advisory;VDB Entry
-
http://www.securitytracker.com/id/1032373
Dell SonicWALL GMS/Analyzer Bugs Let Remote Users Obtain Potentially Sensitive Information and Remote Authenticated Users Execute Arbitrary Code - SecurityTrackerThird Party Advisory;VDB Entry
-
http://www.securityfocus.com/bid/74756
Multiple Dell SonicWALL Products CVE-2015-3990 Remote Code Execution VulnerabilityThird Party Advisory;VDB Entry
-
https://support.software.dell.com/product-notification/152178
Vendor Advisory
Jump to