“Sonicwall_xmlrpc_rce is a remote exploit against SonicWall Global Management
System Virtual Appliance and is written by Michael Flanders of Trend
Micro Zero Day Initiative with assistance by @kernelsmith of Trend Micro Zero
Day Initiative. It is considered a reliable exploit, and allows you to remotely
execute commands as root.

Vulnerable Application

  • This exploit works against a vulnerable SonicWall Global Management System
    Virtual Appliance (A.K.A. Sonicwall GMSVP) of versions 8.1 (Build 8110.1197) and
    earlier. The virtual appliance can be downloaded here:

  • This module exploits the virtual appliance’s lack of checking on user-supplied
    parameters to XML-RPC calls to a vulnerable Java service running on port 21009.
    A call to a shell script is made using this user-supplied parameter contained in
    backticks allowing command substitution and remote code execution.
  • To reliably determine whether the target virtual appliance is vulnerable,
    you will have to examine the web console’s login page. This is also automatically
    done in the check function of the exploit.”

Read more: Rapid7

Reference: Sonicwall Advisory

 

OUR SECURITY SERVICES INCLUDE:

FNS1 THREATcheck

 Register for your FREE Threat Check today: https://fns1.com/threatcheck/
Advertisements