Sign-up

ID

VAR-201904-1559


CVE

CVE-2019-7476


TITLE

SonicWall Global Management System Vulnerabilities related to key management errors

Trust: 0.8

sources: JVNDB: JVNDB-2019-004126

DESCRIPTION

A vulnerability in SonicWall Global Management System (GMS), allow a remote user to gain access to the appliance using existing SSH key. This vulnerability affects GMS versions 9.1, 9.0, 8.7, 8.6, 8.4, 8.3 and earlier. SonicWall Global Management System (GMS) is a global management system of SonicWall Corporation in the United States. The system enables rapid deployment and centralized management of Dell SonicWALL firewall, anti-spam, backup and recovery, and secure remote access solutions. The following versions are affected: SonicWall Global Management System Version 9.1, Version 9.0, Version 8.7, Version 8.6, Version 8.4, Version 8.3

Trust: 1.71

sources: NVD: CVE-2019-7476 // JVNDB: JVNDB-2019-004126 // VULHUB: VHN-158911

AFFECTED PRODUCTS

vendor:sonicwallmodel:global management systemscope:lteversion:8.3

Trust: 1.8

vendor:sonicwallmodel:global management systemscope:eqversion:8.4

Trust: 1.8

vendor:sonicwallmodel:global management systemscope:eqversion:8.6

Trust: 1.8

vendor:sonicwallmodel:global management systemscope:eqversion:8.7

Trust: 1.8

vendor:sonicwallmodel:global management systemscope:eqversion:9.0

Trust: 1.8

vendor:sonicwallmodel:global management systemscope:eqversion:9.1

Trust: 1.8

sources: JVNDB: JVNDB-2019-004126 // NVD: CVE-2019-7476

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-7476
value: HIGH

Trust: 1.0

NVD: CVE-2019-7476
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201904-889
value: HIGH

Trust: 0.6

VULHUB: VHN-158911
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2019-7476
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-158911
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2019-7476
baseSeverity: HIGH
baseScore: 8.1
vectorString: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: HIGH
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.2
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: CVE-2019-7476
baseSeverity: HIGH
baseScore: 8.1
vectorString: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: HIGH
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-158911 // JVNDB: JVNDB-2019-004126 // CNNVD: CNNVD-201904-889 // NVD: CVE-2019-7476

PROBLEMTYPE DATA

problemtype:CWE-284

Trust: 1.0

problemtype:CWE-1188

Trust: 1.0

problemtype:CWE-320

Trust: 0.9

sources: VULHUB: VHN-158911 // JVNDB: JVNDB-2019-004126 // NVD: CVE-2019-7476

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201904-889

TYPE

encryption problem

Trust: 0.6

sources: CNNVD: CNNVD-201904-889

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2019-004126

PATCH
title:SNWLID-2019-0004url:https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0004
Trust: 0.8
title:SonicWall Global Management System Fixes for access control error vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=91727
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2019-004126 // 
            
            
            
            CNNVD: CNNVD-201904-889

EXTERNAL IDS
db:NVDid:CVE-2019-7476
Trust: 2.5
db:JVNDBid:JVNDB-2019-004126
Trust: 0.8
db:CNNVDid:CNNVD-201904-889
Trust: 0.7
db:VULHUBid:VHN-158911
Trust: 0.1
sources:
            
            
            VULHUB: VHN-158911 // 
            
            
            
            JVNDB: JVNDB-2019-004126 // 
            
            
            
            CNNVD: CNNVD-201904-889 // 
            
            
            
            NVD: CVE-2019-7476

REFERENCES
url:https://psirt.global.sonicwall.com/vuln-detail/snwlid-2019-0004
Trust: 1.7
url:https://nvd.nist.gov/vuln/detail/cve-2019-7476
Trust: 1.4
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-7476
Trust: 0.8
sources:
            
            
            VULHUB: VHN-158911 // 
            
            
            
            JVNDB: JVNDB-2019-004126 // 
            
            
            
            CNNVD: CNNVD-201904-889 // 
            
            
            
            NVD: CVE-2019-7476

SOURCES
db:VULHUBid:VHN-158911
db:JVNDBid:JVNDB-2019-004126
db:CNNVDid:CNNVD-201904-889
db:NVDid:CVE-2019-7476

LAST UPDATE DATE
2024-11-23T22:30:02.587000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-158911date:2021-11-03T00:00:00
db:JVNDBid:JVNDB-2019-004126date:2019-05-28T00:00:00
db:CNNVDid:CNNVD-201904-889date:2021-11-04T00:00:00
db:NVDid:CVE-2019-7476date:2024-11-21T04:48:15.337

SOURCES RELEASE DATE
db:VULHUBid:VHN-158911date:2019-04-26T00:00:00
db:JVNDBid:JVNDB-2019-004126date:2019-05-28T00:00:00
db:CNNVDid:CNNVD-201904-889date:2019-04-11T00:00:00
db:NVDid:CVE-2019-7476date:2019-04-26T21:29:00.487