ID

VAR-201902-0693


CVE

CVE-2018-9867


TITLE

SonicWall SonicOS Access control vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2018-014589

DESCRIPTION

In SonicWall SonicOS, administrators without full permissions can download imported certificates. This occurs when administrators who are not in the SonicWall Administrators user group attempt to download imported certificates. This vulnerability affected SonicOS Gen 5 version 5.9.1.10 and earlier, Gen 6 version 6.2.7.3, 6.5.1.3, 6.5.2.2, 6.5.3.1, 6.2.7.8, 6.4.0.0, 6.5.1.8, 6.0.5.3-86o and SonicOSv 6.5.0.2-8v_RC363 (VMWARE), 6.5.0.2.8v_RC367 (AZURE), SonicOSv 6.5.0.2.8v_RC368 (AWS), SonicOSv 6.5.0.2.8v_RC366 (HYPER_V). SonicWall SonicOS contains an access control vulnerability. Information may be obtained. SonicWall SonicOS is an operating system designed specifically for the firewall equipment of SonicWall, a company in the United States. This vulnerability stems from network systems or products not properly restricting access to resources from unauthorized roles.

Trust: 1.71

sources: NVD: CVE-2018-9867 // JVNDB: JVNDB-2018-014589 // VULHUB: VHN-139899

AFFECTED PRODUCTS

vendor: sonicwall, model: sonicos, scope: lte, version: 5.9.1.10

Trust: 1.8

vendor: sonicwall, model: sonicos, scope: eq, version: 6.5.3.1

Trust: 1.0

vendor: sonicwall, model: sonicos, scope: eq, version: 6.4.0.0

Trust: 1.0

vendor: sonicwall, model: sonicos, scope: gte, version: 5.0.0.0

Trust: 1.0

vendor: sonicwall, model: sonicos, scope: eq, version: 6.0.5.3-86o

Trust: 1.0

vendor: sonicwall, model: sonicosv, scope: eq, version: 6.5.0.2-8v_rc363

Trust: 1.0

vendor: sonicwall, model: sonicos, scope: eq, version: 6.2.7.3

Trust: 1.0

vendor: sonicwall, model: sonicosv, scope: eq, version: 6.5.0.2.8v_rc368

Trust: 1.0

vendor: sonicwall, model: sonicos, scope: eq, version: 6.5.1.8

Trust: 1.0

vendor: sonicwall, model: sonicos, scope: eq, version: 6.5.1.3

Trust: 1.0

vendor: sonicwall, model: sonicos, scope: eq, version: 6.2.7.8

Trust: 1.0

vendor: sonicwall, model: sonicos, scope: eq, version: 6.5.2.2

Trust: 1.0

vendor: sonicwall, model: sonicosv, scope: eq, version: 6.5.0.2.8v_rc367

Trust: 1.0

vendor: sonicwall, model: sonicosv, scope: eq, version: 6.5.0.2.8v_rc366

Trust: 1.0

sources: JVNDB: JVNDB-2018-014589 // NVD: CVE-2018-9867

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-9867
value: MEDIUM

Trust: 1.0

NVD: CVE-2018-9867
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201902-750
value: MEDIUM

Trust: 0.6

VULHUB: VHN-139899
value: LOW

Trust: 0.1

nvd@nist.gov: CVE-2018-9867
severity: LOW
baseScore: 2.1
vectorString: AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-139899
severity: LOW
baseScore: 2.1
vectorString: AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2018-9867
baseSeverity: MEDIUM
baseScore: 5.5
vectorString: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 1.8
impactScore: 3.6
version: 3.1

Trust: 1.0

NVD: CVE-2018-9867
baseSeverity: MEDIUM
baseScore: 5.5
vectorString: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-139899 // JVNDB: JVNDB-2018-014589 // CNNVD: CNNVD-201902-750 // NVD: CVE-2018-9867

PROBLEMTYPE DATA

problemtype: CWE-732

Trust: 1.1

problemtype: CWE-285

Trust: 1.0

problemtype: CWE-284

Trust: 0.9

sources: VULHUB: VHN-139899 // JVNDB: JVNDB-2018-014589 // NVD: CVE-2018-9867

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-201902-750

TYPE

access control error

Trust: 0.6

sources: CNNVD: CNNVD-201902-750

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-014589

PATCH

title: SNWLID-2018-0017, url: https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2018-0017

Trust: 0.8

title: Dell SonicWall SonicOS Security vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=89550

Trust: 0.6

sources: JVNDB: JVNDB-2018-014589 // CNNVD: CNNVD-201902-750

EXTERNAL IDS

db: NVD, id: CVE-2018-9867

Trust: 2.5

db: TENABLE, id: TRA-2019-08

Trust: 1.7

db: JVNDB, id: JVNDB-2018-014589

Trust: 0.8

db: CNNVD, id: CNNVD-201902-750

Trust: 0.7

db: NSFOCUS, id: 42788

Trust: 0.6

db: CNVD, id: CNVD-2020-15691

Trust: 0.1

db: VULHUB, id: VHN-139899

Trust: 0.1

sources: VULHUB: VHN-139899 // JVNDB: JVNDB-2018-014589 // CNNVD: CNNVD-201902-750 // NVD: CVE-2018-9867

REFERENCES

url: https://psirt.global.sonicwall.com/vuln-detail/snwlid-2018-0017

Trust: 1.7

url: https://www.tenable.com/security/research/tra-2019-08

Trust: 1.7

url: https://nvd.nist.gov/vuln/detail/cve-2018-9867

Trust: 1.4

url: https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-9867

Trust: 0.8

url: http://www.nsfocus.net/vulndb/42788

Trust: 0.6

sources: VULHUB: VHN-139899 // JVNDB: JVNDB-2018-014589 // CNNVD: CNNVD-201902-750 // NVD: CVE-2018-9867

SOURCES

db: VULHUB, id: VHN-139899
db: JVNDB, id: JVNDB-2018-014589
db: CNNVD, id: CNNVD-201902-750
db: NVD, id: CVE-2018-9867

LAST UPDATE DATE

2024-08-14T13:45:14.766000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-139899, date: 2019-10-03T00:00:00
db: JVNDB, id: JVNDB-2018-014589, date: 2019-03-28T00:00:00
db: CNNVD, id: CNNVD-201902-750, date: 2019-10-08T00:00:00
db: NVD, id: CVE-2018-9867, date: 2022-06-16T16:18:55.643

SOURCES RELEASE DATE

db: VULHUB, id: VHN-139899, date: 2019-02-19T00:00:00
db: JVNDB, id: JVNDB-2018-014589, date: 2019-03-28T00:00:00
db: CNNVD, id: CNNVD-201902-750, date: 2019-02-19T00:00:00
db: NVD, id: CVE-2018-9867, date: 2019-02-19T21:29:00.320