CVE-2007-6273

CVSS 9.3 - HIGH

Description

Multiple format string vulnerabilities in the configuration file in SonicWALL GLobal VPN Client 3.1.556 and 4.0.0.810 allow user-assisted remote attackers to execute arbitrary code via format string specifiers in the (1) Hostname tag or the (2) name attribute in the Connection tag. NOTE: there might not be any realistic circumstances in which this issue crosses privilege boundaries.

Affected Products

2

Vendor	Product	Version
sonicwall	global_vpn_client	`3.1.556`
sonicwall	global_vpn_client	`4.0.0.810`

References

http://marc.info/?l=bugtraq&m=119678272603064&w=2

http://secunia.com/advisories/27917

http://www.sec-consult.com/305.html

http://www.securityfocus.com/bid/26689

http://www.securitytracker.com/id?1019038

http://www.vupen.com/english/advisories/2007/4094

http://marc.info/?l=bugtraq&m=119678272603064&w=2

http://secunia.com/advisories/27917

http://www.sec-consult.com/305.html

http://www.securityfocus.com/bid/26689

http://www.securitytracker.com/id?1019038

http://www.vupen.com/english/advisories/2007/4094

Weakness Types

CWE-134

CVE Information

CVE ID:: CVE-2007-6273
Published:: 2007-12-07
Modified:: 2026-04-23
CVSS Score:: 9.3
Severity:: HIGH
Vector:: AV:N/AC:M/Au:N/C:C/I:C/A:C

Affected Vendors

sonicwall

Quick Actions

View on NVD Find Similar CVEs

CVSS Severity Scale

0.0 - 3.9 LOW

4.0 - 6.9 MEDIUM

7.0 - 8.9 HIGH

9.0 - 10.0 CRITICAL