What is the severity of CVE-2016-9683?

CVE-2016-9683 is classified as a high-severity vulnerability due to its potential for remote command injection.

How do I fix CVE-2016-9683?

To mitigate CVE-2016-9683, upgrade the SonicWall Secure Remote Access server to a patched version that addresses this vulnerability.

What specifically is vulnerable in CVE-2016-9683?

CVE-2016-9683 affects the web administrative interface, specifically the 'extensionsettings' CGI component.

Is CVE-2016-9683 likely to be exploited in the wild?

Yes, given its nature as a remote command injection vulnerability, CVE-2016-9683 could be targeted by attackers if not addressed.

What versions are affected by CVE-2016-9683?

CVE-2016-9683 specifically affects SonicWall Secure Remote Access Server version 8.1.0.2-14sv.

Vulnerability/
CVE-2016-9683

critical

CWE

22/2/2017

20/4/2025

CVE-2016-9683: Command Injection

First published: Wed Feb 22 2017(Updated: )

The SonicWall Secure Remote Access server (version 8.1.0.2-14sv) is vulnerable to a Remote Command Injection vulnerability in its web administrative interface. This vulnerability occurs in the 'extensionsettings' CGI (/cgi-bin/extensionsettings) component responsible for handling some of the server's internal configurations. The CGI application doesn't properly escape the information it's passed when processing a particular multi-part form request involving scripts. The filename of the 'scriptname' variable is read in unsanitized before a call to system() is performed - allowing for remote command injection. Exploitation of this vulnerability yields shell access to the remote machine under the nobody user account. This is SonicWall Issue ID 181195.

Credit: cve@mitre.org

Affected Software	Affected Version	How to fix
SonicWall Secure Remote Access	=8.1.0.2-14sv
	=8.1.0.2-14sv

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2016-9683?
CVE-2016-9683 is classified as a high-severity vulnerability due to its potential for remote command injection.
How do I fix CVE-2016-9683?
To mitigate CVE-2016-9683, upgrade the SonicWall Secure Remote Access server to a patched version that addresses this vulnerability.
What specifically is vulnerable in CVE-2016-9683?
CVE-2016-9683 affects the web administrative interface, specifically the 'extensionsettings' CGI component.
Is CVE-2016-9683 likely to be exploited in the wild?
Yes, given its nature as a remote command injection vulnerability, CVE-2016-9683 could be targeted by attackers if not addressed.
What versions are affected by CVE-2016-9683?
CVE-2016-9683 specifically affects SonicWall Secure Remote Access Server version 8.1.0.2-14sv.

agent/references
agent/type
collector/mitre-cve
source/MITRE
agent/author
agent/severity
agent/description
agent/first-publish-date
agent/weakness
collector/nvd-index
agent/software-canonical-lookup-request
collector/nvd-api
source/NVD
agent/software-canonical-lookup
agent/last-modified-date
agent/source
agent/tags
agent/softwarecombine
agent/event
vendor/dell
canonical/sonicwall secure remote access
version/sonicwall secure remote access/8.1.0.2-14sv

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.