漏洞描述
2021年8月17日 SonicWall 官方披露 CVE-2021-20032 SonicWall Analytics JDWP 远程代码执行漏洞。由于 SonicWall Analytics默认在端口9000上对外暴露 JDWP服务,攻击者可直接构造恶意请求造成远程代码执行。
SonicWall Analytics JDWP 远程代码执行漏洞
PoC代码
暂无相关漏洞推荐
- POC CVE-2017-14651: WSO2 Data Analytics Server 3.1.0 - Cross-Site Scripting
- POC CVE-2017-18556: Google Analytics by BestWebSoft < 1.7.1 - Cross-Site Scripting
- POC CVE-2019-7481: SonicWall SRA 4600 VPN - SQL Injection
- POC CVE-2021-20031: SonicWall SonicOS 7.0 - Open Redirect
- POC CVE-2021-20038: SonicWall SMA100 Stack - Buffer Overflow/Remote Code Execution
- POC CVE-2022-24637: Open Web Analytics 1.7.3 - Remote Code Execution
- POC CVE-2022-43769: Hitachi Pentaho Business Analytics Server - Remote Code Execution
- POC CVE-2023-0126: SonicWall SMA1000 LFI
- POC CVE-2023-0630: Slimstat Analytics < 4.9.3.3 Subscriber - SQL Injection
- POC CVE-2023-34124: SonicWall GMS and Analytics Web Services - Shell Injection
- POC CVE-2024-0250: Analytics Insights for Google Analytics 4 < 6.3 - Open Redirect
- POC CVE-2023-0126: SonicWall SMA1000 LFI
- POC azure-synapse-sqlpool-tde-disabled: Azure Synapse Analytics SQL Pool Transparent Data Encryption Not Enabled