Vulnerability Name:

CVE-2007-5814 (CCN-38312)

Assigned:2007-11-01
Published:2007-11-01
Updated:2018-10-15
Summary:Multiple buffer overflows in the SonicWall SSL-VPN NetExtender NELaunchCtrl ActiveX control before 2.1.0.51, and 2.5.x before 2.5.0.56, allow remote attackers to execute arbitrary code via a long (1) serverAddress, (2) sessionId, (3) clientIPLower, (4) clientIPHigher, (5) userName, (6) domainName, or (7) dnsSuffix Unicode property value.
Note: the AddRouteEntry vector is covered by CVE-2007-5603.
CVSS v3 Severity:10.0 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Changed
Impact Metrics:Confidentiality (C): High
Integrity (I): High
Availibility (A): High
CVSS v2 Severity:9.3 High (CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C)
6.9 Medium (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Medium
Authentication (Au): None
Impact Metrics:Confidentiality (C): Complete
Integrity (I): Complete
Availibility (A): Complete
9.3 High (CCN CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C)
6.9 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Medium
Athentication (Au): None
Impact Metrics:Confidentiality (C): Complete
Integrity (I): Complete
Availibility (A): Complete
Vulnerability Type:CWE-119
Vulnerability Consequences:Gain Access
References:Source: CCN
Type: BugTraq Mailing List, Thu Nov 01 2007 - 07:06:37 CDT
SEC Consult SA-20071101-0 :: Multiple Vulnerabilities in SonicWALL SSL-VPN Client

Source: MITRE
Type: CNA
CVE-2007-5814

Source: CCN
Type: SA27469
SonicWALL SSL VPN ActiveX Controls Multiple Vulnerabilities

Source: SECUNIA
Type: Vendor Advisory
27469

Source: SREASON
Type: UNKNOWN
3342

Source: CCN
Type: SEC Consult Security Advisory < 20071101-0 >
Multiple vulnerabilities in SonicWALL SSL-VPN Client

Source: MISC
Type: UNKNOWN
http://www.sec-consult.com/303.html

Source: MISC
Type: UNKNOWN
http://www.sec-consult.com/fileadmin/Advisories/20071101-0_sonicwall_multiple.txt

Source: BUGTRAQ
Type: UNKNOWN
20071101 SEC Consult SA-20071101-0 :: Multiple Vulnerabilities in SonicWALLSSL-VPN Client

Source: BID
Type: Exploit
26288

Source: CCN
Type: BID-26288
SonicWALL SSL VPN Client Remote ActiveX Multiple Vulnerabilities

Source: CCN
Type: SonicWALL, Inc. Web site
SSL VPN SECURE REMOTE ACCESS

Source: VUPEN
Type: UNKNOWN
ADV-2007-3696

Source: XF
Type: UNKNOWN
sonicwall-nelaunchctrl-bo(38220)

Source: XF
Type: UNKNOWN
sonicwall-nelaunchctrl-multiple-bo(38312)

Vulnerable Configuration:Configuration 1:
  • cpe:/a:sonicwall:ssl_vpn:*:*:*:*:*:*:*:* (Version <= 2.1)
  • OR cpe:/a:sonicwall:ssl_vpn:*:*:*:*:*:*:*:* (Version <= 2.5)

    • * Denotes that component is vulnerable
    BACK
    sonicwall ssl vpn *
    sonicwall ssl vpn *