Description

SonicWall "Virtual Office" SSL-VPN Products (versions 8.0.0.0 and lower) contain a Bash version that is vulnerable to the ShellShock exploit and are therefore vulnerable to unauthenticated remote code execution via the /cgi-bin/jarrewrite.sh endpoint.

This vulnerability was patched in 2015 in SMA 8.0.0.4. It cannot be exploited in version 9 or 10.

Remediation

Upgrade to the latest version of SonicWall SSL-VPN.

References

Related Vulnerabilities