ID

VAR-201904-0373


CVE

CVE-2019-7474


TITLE

SonicWall SonicOS and SonicOSv Access control vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2019-003234

DESCRIPTION

A vulnerability in SonicWall SonicOS and SonicOSv allows an authenticated read-only admin to leave the firewall in an unstable state by downloading a certificate with a specific extension. This vulnerability affected SonicOS Gen 5 version 5.9.1.10 and earlier, Gen 6 versions 6.2.7.3, 6.5.1.3, 6.5.2.2, 6.5.3.1, 6.2.7.8, 6.4.0.0, 6.5.1.8, 6.0.5.3-86o and SonicOSv 6.5.0.2-8v_RC363 (VMWARE), 6.5.0.2.8v_RC367 (AZURE), SonicOSv 6.5.0.2.8v_RC368 (AWS), SonicOSv 6.5.0.2.8v_RC366 (HYPER_V). SonicWall SonicOS and SonicOSv contain an access control vulnerability. The device may be put into a service operation interruption (DoS) state. SonicWall SonicOS is an operating system designed for the firewall equipment of SonicWall, a company in the United States. An access control error vulnerability exists in SonicWall SonicOS. This vulnerability stems from network systems or products not properly restricting access to resources from unauthorized roles.

Trust: 1.71

sources: NVD: CVE-2019-7474 // JVNDB: JVNDB-2019-003234 // VULHUB: VHN-158909

AFFECTED PRODUCTS

vendor: sonicwall | model: sonicos | scope: eq | version: 6.5.3.1

Trust: 1.0

vendor: sonicwall | model: sonicos | scope: eq | version: 6.4.0.0

Trust: 1.0

vendor: sonicwall | model: sonicos | scope: eq | version: 6.0.5.3-86o

Trust: 1.0

vendor: sonicwall | model: sonicosv | scope: eq | version: 6.5.0.2-8v_rc363

Trust: 1.0

vendor: sonicwall | model: sonicos | scope: eq | version: 6.2.7.3

Trust: 1.0

vendor: sonicwall | model: sonicosv | scope: eq | version: 6.5.0.2.8v_rc368

Trust: 1.0

vendor: sonicwall | model: sonicos | scope: eq | version: 6.5.1.8

Trust: 1.0

vendor: sonicwall | model: sonicos | scope: eq | version: 6.5.1.3

Trust: 1.0

vendor: sonicwall | model: sonicos | scope: eq | version: 6.2.7.8

Trust: 1.0

vendor: sonicwall | model: sonicos | scope: lte | version: 5.9.1.10

Trust: 1.0

vendor: sonicwall | model: sonicos | scope: eq | version: 6.5.2.2

Trust: 1.0

vendor: sonicwall | model: sonicosv | scope: eq | version: 6.5.0.2.8v_rc367

Trust: 1.0

vendor: sonicwall | model: sonicosv | scope: eq | version: 6.5.0.2.8v_rc366

Trust: 1.0

vendor: sonicwall | model: sonicos | scope: lte | version: gen 5 5.9.1.10

Trust: 0.8

vendor: sonicwall | model: sonicos | scope: eq | version: gen 6 6.0.5.3-86o

Trust: 0.8

vendor: sonicwall | model: sonicos | scope: eq | version: gen 6 6.2.7.3

Trust: 0.8

vendor: sonicwall | model: sonicos | scope: eq | version: gen 6 6.2.7.8

Trust: 0.8

vendor: sonicwall | model: sonicos | scope: eq | version: gen 6 6.4.0.0

Trust: 0.8

vendor: sonicwall | model: sonicos | scope: eq | version: gen 6 6.5.1.3

Trust: 0.8

vendor: sonicwall | model: sonicos | scope: eq | version: gen 6 6.5.1.8

Trust: 0.8

vendor: sonicwall | model: sonicos | scope: eq | version: gen 6 6.5.2.2

Trust: 0.8

vendor: sonicwall | model: sonicos | scope: eq | version: gen 6 6.5.3.1

Trust: 0.8

vendor: sonicwall | model: sonicosv | scope: eq | version: 6.5.0.2-8v_rc363 (vmware)

Trust: 0.8

sources: JVNDB: JVNDB-2019-003234 // NVD: CVE-2019-7474

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-7474
value: MEDIUM

Trust: 1.0

NVD: CVE-2019-7474
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201904-102
value: MEDIUM

Trust: 0.6

VULHUB: VHN-158909
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2019-7474
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-158909
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2019-7474
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 3.6
version: 3.1

Trust: 1.0

NVD: CVE-2019-7474
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-158909 // JVNDB: JVNDB-2019-003234 // CNNVD: CNNVD-201904-102 // NVD: CVE-2019-7474

PROBLEMTYPE DATA

problemtype:CWE-755

Trust: 1.1

problemtype:CWE-248

Trust: 1.0

problemtype:CWE-284

Trust: 0.9

sources: VULHUB: VHN-158909 // JVNDB: JVNDB-2019-003234 // NVD: CVE-2019-7474

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201904-102

TYPE

access control error

Trust: 0.6

sources: CNNVD: CNNVD-201904-102

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-003234

PATCH

title: SNWLID-2019-0001 | url: https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0001

Trust: 0.8

title: SonicWall SonicOS Fixes for other vulnerabilities | url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=91025

Trust: 0.6

sources: JVNDB: JVNDB-2019-003234 // CNNVD: CNNVD-201904-102

EXTERNAL IDS

db: NVD | id: CVE-2019-7474

Trust: 2.5

db: JVNDB | id: JVNDB-2019-003234

Trust: 0.8

db: CNNVD | id: CNNVD-201904-102

Trust: 0.7

db: VULHUB | id: VHN-158909

Trust: 0.1

sources: VULHUB: VHN-158909 // JVNDB: JVNDB-2019-003234 // CNNVD: CNNVD-201904-102 // NVD: CVE-2019-7474

REFERENCES

url:https://psirt.global.sonicwall.com/vuln-detail/snwlid-2019-0001

Trust: 1.7

url:https://nvd.nist.gov/vuln/detail/cve-2019-7474

Trust: 1.4

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-7474

Trust: 0.8

sources: VULHUB: VHN-158909 // JVNDB: JVNDB-2019-003234 // CNNVD: CNNVD-201904-102 // NVD: CVE-2019-7474

SOURCES

db: VULHUB | id: VHN-158909
db: JVNDB | id: JVNDB-2019-003234
db: CNNVD | id: CNNVD-201904-102
db: NVD | id: CVE-2019-7474

LAST UPDATE DATE

2024-08-14T14:39:01.311000+00:00


SOURCES UPDATE DATE

db: VULHUB | id: VHN-158909 | date: 2020-10-06T00:00:00
db: JVNDB | id: JVNDB-2019-003234 | date: 2019-05-13T00:00:00
db: CNNVD | id: CNNVD-201904-102 | date: 2020-10-09T00:00:00
db: NVD | id: CVE-2019-7474 | date: 2020-10-06T13:24:20.083

SOURCES RELEASE DATE

db: VULHUB | id: VHN-158909 | date: 2019-04-02T00:00:00
db: JVNDB | id: JVNDB-2019-003234 | date: 2019-05-13T00:00:00
db: CNNVD | id: CNNVD-201904-102 | date: 2019-04-02T00:00:00
db: NVD | id: CVE-2019-7474 | date: 2019-04-02T18:30:25.147