Vulnerabilites related to SonicWall - SonicOSv
CVE-2018-9867 (GCVE-0-2018-9867)
Vulnerability from cvelistv5
Published
2019-02-19 21:00
Modified
2024-08-05 07:24
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-285 - Improper Authorization
Summary
In SonicWall SonicOS, administrators without full permissions can download imported certificates. Occurs when administrators who are not in the SonicWall Administrators user group attempt to download imported certificates. This vulnerability affected SonicOS Gen 5 version 5.9.1.10 and earlier, Gen 6 version 6.2.7.3, 6.5.1.3, 6.5.2.2, 6.5.3.1, 6.2.7.8, 6.4.0.0, 6.5.1.8, 6.0.5.3-86o and SonicOSv 6.5.0.2-8v_RC363 (VMWARE), 6.5.0.2.8v_RC367 (AZURE), SonicOSv 6.5.0.2.8v_RC368 (AWS), SonicOSv 6.5.0.2.8v_RC366 (HYPER_V).
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T07:24:56.351Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2018-0017"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.tenable.com/security/research/tra-2019-08"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "SonicOS",
"vendor": "SonicWall",
"versions": [
{
"status": "affected",
"version": "5.9.1.10 and earlier"
},
{
"status": "affected",
"version": "6.2.7.3"
},
{
"status": "affected",
"version": "6.5.1.3"
},
{
"status": "affected",
"version": "6.5.2.2"
},
{
"status": "affected",
"version": "6.5.3.1"
},
{
"status": "affected",
"version": "6.2.7.8"
},
{
"status": "affected",
"version": "6.4.0.0"
},
{
"status": "affected",
"version": "6.5.1.8"
},
{
"status": "affected",
"version": "6.0.5.3-86o"
}
]
},
{
"product": "SonicOSv",
"vendor": "SonicWall",
"versions": [
{
"status": "affected",
"version": "6.5.0.2-8v_RC363 (VMWARE)"
},
{
"status": "affected",
"version": "6.5.0.2.8v_RC367 (AZURE)"
},
{
"status": "affected",
"version": "6.5.0.2.8v_RC368 (AWS)"
},
{
"status": "affected",
"version": "6.5.0.2.8v_RC366 (HYPER_V)"
}
]
}
],
"datePublic": "2019-02-19T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "In SonicWall SonicOS, administrators without full permissions can download imported certificates. Occurs when administrators who are not in the SonicWall Administrators user group attempt to download imported certificates. This vulnerability affected SonicOS Gen 5 version 5.9.1.10 and earlier, Gen 6 version 6.2.7.3, 6.5.1.3, 6.5.2.2, 6.5.3.1, 6.2.7.8, 6.4.0.0, 6.5.1.8, 6.0.5.3-86o and SonicOSv 6.5.0.2-8v_RC363 (VMWARE), 6.5.0.2.8v_RC367 (AZURE), SonicOSv 6.5.0.2.8v_RC368 (AWS), SonicOSv 6.5.0.2.8v_RC366 (HYPER_V)."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-285",
"description": "CWE-285: Improper Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-04-02T17:20:39",
"orgId": "44b2ff79-1416-4492-88bb-ed0da00c7315",
"shortName": "sonicwall"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2018-0017"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.tenable.com/security/research/tra-2019-08"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "PSIRT@sonicwall.com",
"ID": "CVE-2018-9867",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "SonicOS",
"version": {
"version_data": [
{
"version_value": "5.9.1.10 and earlier"
},
{
"version_value": "6.2.7.3"
},
{
"version_value": "6.5.1.3"
},
{
"version_value": "6.5.2.2"
},
{
"version_value": "6.5.3.1"
},
{
"version_value": "6.2.7.8"
},
{
"version_value": "6.4.0.0"
},
{
"version_value": "6.5.1.8"
},
{
"version_value": "6.0.5.3-86o"
}
]
}
},
{
"product_name": "SonicOSv",
"version": {
"version_data": [
{
"version_value": "6.5.0.2-8v_RC363 (VMWARE)"
},
{
"version_value": "6.5.0.2.8v_RC367 (AZURE)"
},
{
"version_value": "6.5.0.2.8v_RC368 (AWS)"
},
{
"version_value": "6.5.0.2.8v_RC366 (HYPER_V)"
}
]
}
}
]
},
"vendor_name": "SonicWall"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In SonicWall SonicOS, administrators without full permissions can download imported certificates. Occurs when administrators who are not in the SonicWall Administrators user group attempt to download imported certificates. This vulnerability affected SonicOS Gen 5 version 5.9.1.10 and earlier, Gen 6 version 6.2.7.3, 6.5.1.3, 6.5.2.2, 6.5.3.1, 6.2.7.8, 6.4.0.0, 6.5.1.8, 6.0.5.3-86o and SonicOSv 6.5.0.2-8v_RC363 (VMWARE), 6.5.0.2.8v_RC367 (AZURE), SonicOSv 6.5.0.2.8v_RC368 (AWS), SonicOSv 6.5.0.2.8v_RC366 (HYPER_V)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-285: Improper Authorization"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2018-0017",
"refsource": "CONFIRM",
"url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2018-0017"
},
{
"name": "https://www.tenable.com/security/research/tra-2019-08",
"refsource": "MISC",
"url": "https://www.tenable.com/security/research/tra-2019-08"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "44b2ff79-1416-4492-88bb-ed0da00c7315",
"assignerShortName": "sonicwall",
"cveId": "CVE-2018-9867",
"datePublished": "2019-02-19T21:00:00",
"dateReserved": "2018-04-09T00:00:00",
"dateUpdated": "2024-08-05T07:24:56.351Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-7479 (GCVE-0-2019-7479)
Vulnerability from cvelistv5
Published
2019-12-31 01:30
Modified
2024-08-04 20:54
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-285 - Improper Authorization
Summary
A vulnerability in SonicOS allow authenticated read-only admin can elevate permissions to configuration mode. This vulnerability affected SonicOS Gen 5 version 5.9.1.12-4o and earlier, Gen 6 version 6.2.7.4-32n, 6.5.1.4-4n, 6.5.2.3-4n, 6.5.3.3-3n, 6.2.7.10-3n, 6.4.1.0-3n, 6.5.3.3-3n, 6.5.1.9-4n and SonicOSv 6.5.0.2-8v_RC363 (VMWARE), 6.5.0.2.8v_RC367 (AZURE), SonicOSv 6.5.0.2.8v_RC368 (AWS), SonicOSv 6.5.0.2.8v_RC366 (HYPER_V).
References
| ► | URL | Tags | |||
|---|---|---|---|---|---|
|
|||||
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T20:54:26.999Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0012"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "SonicOS",
"vendor": "SonicWall",
"versions": [
{
"status": "affected",
"version": "5.9.1.12-4o"
},
{
"status": "affected",
"version": "6.2.7.4-32n"
},
{
"status": "affected",
"version": "6.5.1.4-4n"
},
{
"status": "affected",
"version": "6.5.2.3-4n"
},
{
"status": "affected",
"version": "6.5.3.3-3n"
},
{
"status": "affected",
"version": "6.2.7.10-3n"
},
{
"status": "affected",
"version": "6.4.1.0-3n"
},
{
"status": "affected",
"version": "6.5.1.9-4n"
}
]
},
{
"product": "SonicOSv",
"vendor": "SonicWall",
"versions": [
{
"status": "affected",
"version": "6.5.0.2-8v_RC363 (VMWARE)"
},
{
"status": "affected",
"version": "6.5.0.2.8v_RC367 (AZURE)"
},
{
"status": "affected",
"version": "6.5.0.2.8v_RC368 (AWS)"
},
{
"status": "affected",
"version": "6.5.0.2.8v_RC366 (HYPER_V)"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in SonicOS allow authenticated read-only admin can elevate permissions to configuration mode. This vulnerability affected SonicOS Gen 5 version 5.9.1.12-4o and earlier, Gen 6 version 6.2.7.4-32n, 6.5.1.4-4n, 6.5.2.3-4n, 6.5.3.3-3n, 6.2.7.10-3n, 6.4.1.0-3n, 6.5.3.3-3n, 6.5.1.9-4n and SonicOSv 6.5.0.2-8v_RC363 (VMWARE), 6.5.0.2.8v_RC367 (AZURE), SonicOSv 6.5.0.2.8v_RC368 (AWS), SonicOSv 6.5.0.2.8v_RC366 (HYPER_V)."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-285",
"description": "CWE-285: Improper Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-12-31T01:30:14",
"orgId": "44b2ff79-1416-4492-88bb-ed0da00c7315",
"shortName": "sonicwall"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0012"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "PSIRT@sonicwall.com",
"ID": "CVE-2019-7479",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "SonicOS",
"version": {
"version_data": [
{
"version_value": "5.9.1.12-4o"
},
{
"version_value": "6.2.7.4-32n"
},
{
"version_value": "6.5.1.4-4n"
},
{
"version_value": "6.5.2.3-4n"
},
{
"version_value": "6.5.3.3-3n"
},
{
"version_value": "6.2.7.10-3n"
},
{
"version_value": "6.4.1.0-3n"
},
{
"version_value": "6.5.3.3-3n"
},
{
"version_value": "6.5.1.9-4n"
}
]
}
},
{
"product_name": "SonicOSv",
"version": {
"version_data": [
{
"version_value": "6.5.0.2-8v_RC363 (VMWARE)"
},
{
"version_value": "6.5.0.2.8v_RC367 (AZURE)"
},
{
"version_value": "6.5.0.2.8v_RC368 (AWS)"
},
{
"version_value": "6.5.0.2.8v_RC366 (HYPER_V)"
}
]
}
}
]
},
"vendor_name": "SonicWall"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability in SonicOS allow authenticated read-only admin can elevate permissions to configuration mode. This vulnerability affected SonicOS Gen 5 version 5.9.1.12-4o and earlier, Gen 6 version 6.2.7.4-32n, 6.5.1.4-4n, 6.5.2.3-4n, 6.5.3.3-3n, 6.2.7.10-3n, 6.4.1.0-3n, 6.5.3.3-3n, 6.5.1.9-4n and SonicOSv 6.5.0.2-8v_RC363 (VMWARE), 6.5.0.2.8v_RC367 (AZURE), SonicOSv 6.5.0.2.8v_RC368 (AWS), SonicOSv 6.5.0.2.8v_RC366 (HYPER_V)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-285: Improper Authorization"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0012",
"refsource": "CONFIRM",
"url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0012"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "44b2ff79-1416-4492-88bb-ed0da00c7315",
"assignerShortName": "sonicwall",
"cveId": "CVE-2019-7479",
"datePublished": "2019-12-31T01:30:14",
"dateReserved": "2019-02-06T00:00:00",
"dateUpdated": "2024-08-04T20:54:26.999Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-7477 (GCVE-0-2019-7477)
Vulnerability from cvelistv5
Published
2019-04-02 17:20
Modified
2024-08-04 20:54
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-327 - Use of a Broken or Risky Cryptographic Algorithm
Summary
A vulnerability in SonicWall SonicOS and SonicOSv TLS CBC Cipher allow remote attackers to obtain sensitive plaintext data when CBC cipher suites are enabled. This vulnerability affected SonicOS Gen 5 version 5.9.1.10 and earlier, Gen 6 version 6.2.7.3, 6.5.1.3, 6.5.2.2, 6.5.3.1, 6.2.7.8, 6.4.0.0, 6.5.1.8, 6.0.5.3-86o and SonicOSv 6.5.0.2-8v_RC363 (VMWARE), 6.5.0.2.8v_RC367 (AZURE), SonicOSv 6.5.0.2.8v_RC368 (AWS), SonicOSv 6.5.0.2.8v_RC366 (HYPER_V).
References
| ► | URL | Tags | |||
|---|---|---|---|---|---|
|
|||||
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T20:54:27.020Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0003"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "SonicOS",
"vendor": "SonicWall",
"versions": [
{
"status": "affected",
"version": "5.9.1.10 and earlier"
},
{
"status": "affected",
"version": "6.2.7.3"
},
{
"status": "affected",
"version": "6.5.1.3"
},
{
"status": "affected",
"version": "6.5.2.2"
},
{
"status": "affected",
"version": "6.5.3.1"
},
{
"status": "affected",
"version": "6.2.7.8"
},
{
"status": "affected",
"version": "6.4.0.0"
},
{
"status": "affected",
"version": "6.5.1.8"
},
{
"status": "affected",
"version": "6.0.5.3-86o"
}
]
},
{
"product": "SonicOSv",
"vendor": "SonicWall",
"versions": [
{
"status": "affected",
"version": "6.5.0.2-8v_RC363 (VMWARE)"
},
{
"status": "affected",
"version": "6.5.0.2.8v_RC367 (AZURE)"
},
{
"status": "affected",
"version": "6.5.0.2.8v_RC368 (AWS)"
},
{
"status": "affected",
"version": "6.5.0.2.8v_RC366 (HYPER_V)"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in SonicWall SonicOS and SonicOSv TLS CBC Cipher allow remote attackers to obtain sensitive plaintext data when CBC cipher suites are enabled. This vulnerability affected SonicOS Gen 5 version 5.9.1.10 and earlier, Gen 6 version 6.2.7.3, 6.5.1.3, 6.5.2.2, 6.5.3.1, 6.2.7.8, 6.4.0.0, 6.5.1.8, 6.0.5.3-86o and SonicOSv 6.5.0.2-8v_RC363 (VMWARE), 6.5.0.2.8v_RC367 (AZURE), SonicOSv 6.5.0.2.8v_RC368 (AWS), SonicOSv 6.5.0.2.8v_RC366 (HYPER_V)."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-327",
"description": "CWE-327: Use of a Broken or Risky Cryptographic Algorithm",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-04-02T17:20:39",
"orgId": "44b2ff79-1416-4492-88bb-ed0da00c7315",
"shortName": "sonicwall"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0003"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "PSIRT@sonicwall.com",
"ID": "CVE-2019-7477",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "SonicOS",
"version": {
"version_data": [
{
"version_value": "5.9.1.10 and earlier"
},
{
"version_value": "6.2.7.3"
},
{
"version_value": "6.5.1.3"
},
{
"version_value": "6.5.2.2"
},
{
"version_value": "6.5.3.1"
},
{
"version_value": "6.2.7.8"
},
{
"version_value": "6.4.0.0"
},
{
"version_value": "6.5.1.8"
},
{
"version_value": "6.0.5.3-86o"
}
]
}
},
{
"product_name": "SonicOSv",
"version": {
"version_data": [
{
"version_value": "6.5.0.2-8v_RC363 (VMWARE)"
},
{
"version_value": "6.5.0.2.8v_RC367 (AZURE)"
},
{
"version_value": "6.5.0.2.8v_RC368 (AWS)"
},
{
"version_value": "6.5.0.2.8v_RC366 (HYPER_V)"
}
]
}
}
]
},
"vendor_name": "SonicWall"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability in SonicWall SonicOS and SonicOSv TLS CBC Cipher allow remote attackers to obtain sensitive plaintext data when CBC cipher suites are enabled. This vulnerability affected SonicOS Gen 5 version 5.9.1.10 and earlier, Gen 6 version 6.2.7.3, 6.5.1.3, 6.5.2.2, 6.5.3.1, 6.2.7.8, 6.4.0.0, 6.5.1.8, 6.0.5.3-86o and SonicOSv 6.5.0.2-8v_RC363 (VMWARE), 6.5.0.2.8v_RC367 (AZURE), SonicOSv 6.5.0.2.8v_RC368 (AWS), SonicOSv 6.5.0.2.8v_RC366 (HYPER_V)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-327: Use of a Broken or Risky Cryptographic Algorithm"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0003",
"refsource": "CONFIRM",
"url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0003"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "44b2ff79-1416-4492-88bb-ed0da00c7315",
"assignerShortName": "sonicwall",
"cveId": "CVE-2019-7477",
"datePublished": "2019-04-02T17:20:39",
"dateReserved": "2019-02-06T00:00:00",
"dateUpdated": "2024-08-04T20:54:27.020Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-7474 (GCVE-0-2019-7474)
Vulnerability from cvelistv5
Published
2019-04-02 17:20
Modified
2024-08-04 20:46
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-248 - Uncaught Exception
Summary
A vulnerability in SonicWall SonicOS and SonicOSv, allow authenticated read-only admin to leave the firewall in an unstable state by downloading certificate with specific extension. This vulnerability affected SonicOS Gen 5 version 5.9.1.10 and earlier, Gen 6 version 6.2.7.3, 6.5.1.3, 6.5.2.2, 6.5.3.1, 6.2.7.8, 6.4.0.0, 6.5.1.8, 6.0.5.3-86o and SonicOSv 6.5.0.2-8v_RC363 (VMWARE), 6.5.0.2.8v_RC367 (AZURE), SonicOSv 6.5.0.2.8v_RC368 (AWS), SonicOSv 6.5.0.2.8v_RC366 (HYPER_V).
References
| ► | URL | Tags | |||
|---|---|---|---|---|---|
|
|||||
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T20:46:46.349Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0001"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "SonicOS",
"vendor": "SonicWall",
"versions": [
{
"status": "affected",
"version": "5.9.1.10 and earlier"
},
{
"status": "affected",
"version": "6.2.7.3"
},
{
"status": "affected",
"version": "6.5.1.3"
},
{
"status": "affected",
"version": "6.5.2.2"
},
{
"status": "affected",
"version": "6.5.3.1"
},
{
"status": "affected",
"version": "6.2.7.8"
},
{
"status": "affected",
"version": "6.4.0.0"
},
{
"status": "affected",
"version": "6.5.1.8"
},
{
"status": "affected",
"version": "6.0.5.3-86o"
}
]
},
{
"product": "SonicOSv",
"vendor": "SonicWall",
"versions": [
{
"status": "affected",
"version": "6.5.0.2-8v_RC363 (VMWARE)"
},
{
"status": "affected",
"version": "6.5.0.2.8v_RC367 (AZURE)"
},
{
"status": "affected",
"version": "6.5.0.2.8v_RC368 (AWS)"
},
{
"status": "affected",
"version": "6.5.0.2.8v_RC366 (HYPER_V)"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in SonicWall SonicOS and SonicOSv, allow authenticated read-only admin to leave the firewall in an unstable state by downloading certificate with specific extension. This vulnerability affected SonicOS Gen 5 version 5.9.1.10 and earlier, Gen 6 version 6.2.7.3, 6.5.1.3, 6.5.2.2, 6.5.3.1, 6.2.7.8, 6.4.0.0, 6.5.1.8, 6.0.5.3-86o and SonicOSv 6.5.0.2-8v_RC363 (VMWARE), 6.5.0.2.8v_RC367 (AZURE), SonicOSv 6.5.0.2.8v_RC368 (AWS), SonicOSv 6.5.0.2.8v_RC366 (HYPER_V)."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-248",
"description": "CWE-248: Uncaught Exception",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-04-02T17:20:39",
"orgId": "44b2ff79-1416-4492-88bb-ed0da00c7315",
"shortName": "sonicwall"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0001"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "PSIRT@sonicwall.com",
"ID": "CVE-2019-7474",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "SonicOS",
"version": {
"version_data": [
{
"version_value": "5.9.1.10 and earlier"
},
{
"version_value": "6.2.7.3"
},
{
"version_value": "6.5.1.3"
},
{
"version_value": "6.5.2.2"
},
{
"version_value": "6.5.3.1"
},
{
"version_value": "6.2.7.8"
},
{
"version_value": "6.4.0.0"
},
{
"version_value": "6.5.1.8"
},
{
"version_value": "6.0.5.3-86o"
}
]
}
},
{
"product_name": "SonicOSv",
"version": {
"version_data": [
{
"version_value": "6.5.0.2-8v_RC363 (VMWARE)"
},
{
"version_value": "6.5.0.2.8v_RC367 (AZURE)"
},
{
"version_value": "6.5.0.2.8v_RC368 (AWS)"
},
{
"version_value": "6.5.0.2.8v_RC366 (HYPER_V)"
}
]
}
}
]
},
"vendor_name": "SonicWall"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability in SonicWall SonicOS and SonicOSv, allow authenticated read-only admin to leave the firewall in an unstable state by downloading certificate with specific extension. This vulnerability affected SonicOS Gen 5 version 5.9.1.10 and earlier, Gen 6 version 6.2.7.3, 6.5.1.3, 6.5.2.2, 6.5.3.1, 6.2.7.8, 6.4.0.0, 6.5.1.8, 6.0.5.3-86o and SonicOSv 6.5.0.2-8v_RC363 (VMWARE), 6.5.0.2.8v_RC367 (AZURE), SonicOSv 6.5.0.2.8v_RC368 (AWS), SonicOSv 6.5.0.2.8v_RC366 (HYPER_V)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-248: Uncaught Exception"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0001",
"refsource": "CONFIRM",
"url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0001"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "44b2ff79-1416-4492-88bb-ed0da00c7315",
"assignerShortName": "sonicwall",
"cveId": "CVE-2019-7474",
"datePublished": "2019-04-02T17:20:39",
"dateReserved": "2019-02-06T00:00:00",
"dateUpdated": "2024-08-04T20:46:46.349Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-7475 (GCVE-0-2019-7475)
Vulnerability from cvelistv5
Published
2019-04-02 17:20
Modified
2024-08-04 20:46
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-284 - Improper Access Control
Summary
A vulnerability in SonicWall SonicOS and SonicOSv with management enabled system on specific configuration allow unprivileged user to access advanced routing services. This vulnerability affected SonicOS Gen 5 version 5.9.1.10 and earlier, Gen 6 version 6.2.7.3, 6.5.1.3, 6.5.2.2, 6.5.3.1, 6.2.7.8, 6.4.0.0, 6.5.1.8, 6.0.5.3-86o and SonicOSv 6.5.0.2-8v_RC363 (VMWARE), 6.5.0.2.8v_RC367 (AZURE), SonicOSv 6.5.0.2.8v_RC368 (AWS), SonicOSv 6.5.0.2.8v_RC366 (HYPER_V).
References
| ► | URL | Tags | |||
|---|---|---|---|---|---|
|
|||||
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T20:46:46.311Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0002"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "SonicOS",
"vendor": "SonicWall",
"versions": [
{
"status": "affected",
"version": "5.9.1.10 and earlier"
},
{
"status": "affected",
"version": "6.2.7.3"
},
{
"status": "affected",
"version": "6.5.1.3"
},
{
"status": "affected",
"version": "6.5.2.2"
},
{
"status": "affected",
"version": "6.5.3.1"
},
{
"status": "affected",
"version": "6.2.7.8"
},
{
"status": "affected",
"version": "6.4.0.0"
},
{
"status": "affected",
"version": "6.5.1.8"
},
{
"status": "affected",
"version": "6.0.5.3-86o"
}
]
},
{
"product": "SonicOSv",
"vendor": "SonicWall",
"versions": [
{
"status": "affected",
"version": "6.5.0.2-8v_RC363 (VMWARE)"
},
{
"status": "affected",
"version": "6.5.0.2.8v_RC367 (AZURE)"
},
{
"status": "affected",
"version": "6.5.0.2.8v_RC368 (AWS)"
},
{
"status": "affected",
"version": "6.5.0.2.8v_RC366 (HYPER_V)"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in SonicWall SonicOS and SonicOSv with management enabled system on specific configuration allow unprivileged user to access advanced routing services. This vulnerability affected SonicOS Gen 5 version 5.9.1.10 and earlier, Gen 6 version 6.2.7.3, 6.5.1.3, 6.5.2.2, 6.5.3.1, 6.2.7.8, 6.4.0.0, 6.5.1.8, 6.0.5.3-86o and SonicOSv 6.5.0.2-8v_RC363 (VMWARE), 6.5.0.2.8v_RC367 (AZURE), SonicOSv 6.5.0.2.8v_RC368 (AWS), SonicOSv 6.5.0.2.8v_RC366 (HYPER_V)."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "CWE-284: Improper Access Control",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-04-02T17:20:39",
"orgId": "44b2ff79-1416-4492-88bb-ed0da00c7315",
"shortName": "sonicwall"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0002"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "PSIRT@sonicwall.com",
"ID": "CVE-2019-7475",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "SonicOS",
"version": {
"version_data": [
{
"version_value": "5.9.1.10 and earlier"
},
{
"version_value": "6.2.7.3"
},
{
"version_value": "6.5.1.3"
},
{
"version_value": "6.5.2.2"
},
{
"version_value": "6.5.3.1"
},
{
"version_value": "6.2.7.8"
},
{
"version_value": "6.4.0.0"
},
{
"version_value": "6.5.1.8"
},
{
"version_value": "6.0.5.3-86o"
}
]
}
},
{
"product_name": "SonicOSv",
"version": {
"version_data": [
{
"version_value": "6.5.0.2-8v_RC363 (VMWARE)"
},
{
"version_value": "6.5.0.2.8v_RC367 (AZURE)"
},
{
"version_value": "6.5.0.2.8v_RC368 (AWS)"
},
{
"version_value": "6.5.0.2.8v_RC366 (HYPER_V)"
}
]
}
}
]
},
"vendor_name": "SonicWall"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability in SonicWall SonicOS and SonicOSv with management enabled system on specific configuration allow unprivileged user to access advanced routing services. This vulnerability affected SonicOS Gen 5 version 5.9.1.10 and earlier, Gen 6 version 6.2.7.3, 6.5.1.3, 6.5.2.2, 6.5.3.1, 6.2.7.8, 6.4.0.0, 6.5.1.8, 6.0.5.3-86o and SonicOSv 6.5.0.2-8v_RC363 (VMWARE), 6.5.0.2.8v_RC367 (AZURE), SonicOSv 6.5.0.2.8v_RC368 (AWS), SonicOSv 6.5.0.2.8v_RC366 (HYPER_V)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-284: Improper Access Control"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0002",
"refsource": "CONFIRM",
"url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0002"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "44b2ff79-1416-4492-88bb-ed0da00c7315",
"assignerShortName": "sonicwall",
"cveId": "CVE-2019-7475",
"datePublished": "2019-04-02T17:20:39",
"dateReserved": "2019-02-06T00:00:00",
"dateUpdated": "2024-08-04T20:46:46.311Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}