ID

VAR-201912-0829


CVE

CVE-2019-7482


TITLE

SonicWall SMA100 vulnerable to out-of-bounds write

Trust: 0.8

sources: JVNDB: JVNDB-2019-013653

DESCRIPTION

Stack-based buffer overflow in SonicWall SMA100 allows an unauthenticated user to execute arbitrary code in function libSys.so. This vulnerability impacted SMA100 version 9.0.0.3 and earlier. SonicWall SMA100 contains an out-of-bounds vulnerability. Information may be obtained or altered, and service operation may be disrupted (DoS). SonicWall SMA100 is a secure access gateway device from SonicWall, USA. SonicWall SMA100 has a buffer overflow vulnerability. The vulnerability originates from a network system or product that incorrectly validates data boundaries when performing operations on memory, causing incorrect read and write operations to be performed on other associated memory locations. An attacker could use this vulnerability to cause a buffer overflow or heap overflow.

Trust: 2.25

sources: NVD: CVE-2019-7482 // JVNDB: JVNDB-2019-013653 // CNVD: CNVD-2020-00278 // VULMON: CVE-2019-7482

IOT TAXONOMY

category: ['Network device'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2020-00278

AFFECTED PRODUCTS

vendor: sonicwall, model: sma 100, scope: lte, version: 9.0.0.3

Trust: 1.0

vendor: sonicwall, model: sma100, scope: lte, version: 9.0.0.3

Trust: 0.8

vendor: sonicwall, model: sma100, scope: lte, version: <=9.0.0.3

Trust: 0.6

sources: CNVD: CNVD-2020-00278 // JVNDB: JVNDB-2019-013653 // NVD: CVE-2019-7482

CVSS

SEVERITY

nvd@nist.gov: CVE-2019-7482
value: CRITICAL

Trust: 1.0

NVD: CVE-2019-7482
value: CRITICAL

Trust: 0.8

CNVD: CNVD-2020-00278
value: HIGH

Trust: 0.6

CNNVD: CNNVD-201912-901
value: CRITICAL

Trust: 0.6

VULMON: CVE-2019-7482
value: HIGH

Trust: 0.1

CVSSV2

nvd@nist.gov: CVE-2019-7482
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

CNVD: CNVD-2020-00278
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

CVSSV3

nvd@nist.gov: CVE-2019-7482
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: CVE-2019-7482
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2020-00278 // VULMON: CVE-2019-7482 // JVNDB: JVNDB-2019-013653 // CNNVD: CNNVD-201912-901 // NVD: CVE-2019-7482

PROBLEMTYPE DATA

problemtype: CWE-787

Trust: 1.8

problemtype: CWE-121

Trust: 1.0

sources: JVNDB: JVNDB-2019-013653 // NVD: CVE-2019-7482

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201912-901

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-201912-901

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-013653

PATCH

title: SNWLID-2019-0017, url: https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0017

Trust: 0.8

title: sonicwall-cve-2019-7482, url: https://github.com/w0lfzhang/sonicwall-cve-2019-7482

Trust: 0.1

title: some_nday_bugs, url: https://github.com/w0lfzhang/some_nday_bugs

Trust: 0.1

title: CVE-2019-7482, url: https://github.com/b4bay/CVE-2019-7482

Trust: 0.1

title: CVE-POC, url: https://github.com/0xT11/CVE-POC

Trust: 0.1

title: PoC-in-GitHub, url: https://github.com/nomi-sec/PoC-in-GitHub

Trust: 0.1

title: PoC-in-GitHub, url: https://github.com/hectorgie/PoC-in-GitHub

Trust: 0.1

sources: VULMON: CVE-2019-7482 // JVNDB: JVNDB-2019-013653

EXTERNAL IDS

db: NVD, id: CVE-2019-7482

Trust: 3.1

db: JVNDB, id: JVNDB-2019-013653

Trust: 0.8

db: CNVD, id: CNVD-2020-00278

Trust: 0.6

db: CNNVD, id: CNNVD-201912-901

Trust: 0.6

db: VULMON, id: CVE-2019-7482

Trust: 0.1

sources: CNVD: CNVD-2020-00278 // VULMON: CVE-2019-7482 // JVNDB: JVNDB-2019-013653 // CNNVD: CNNVD-201912-901 // NVD: CVE-2019-7482

REFERENCES

url: https://psirt.global.sonicwall.com/vuln-detail/snwlid-2019-0017

Trust: 2.3

url: https://nvd.nist.gov/vuln/detail/cve-2019-7482

Trust: 1.2

url: https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-7482

Trust: 0.8

url: https://nvd.nist.gov/vuln/detail/cve-2019-7482

Trust: 0.8

url: https://cwe.mitre.org/data/definitions/787.html

Trust: 0.1

url: https://github.com/w0lfzhang/sonicwall-cve-2019-7482

Trust: 0.1

url: https://nvd.nist.gov

Trust: 0.1

url: https://github.com/b4bay/cve-2019-7482

Trust: 0.1

url: https://exchange.xforce.ibmcloud.com/vulnerabilities/173320

Trust: 0.1

sources: CNVD: CNVD-2020-00278 // VULMON: CVE-2019-7482 // JVNDB: JVNDB-2019-013653 // CNNVD: CNNVD-201912-901 // NVD: CVE-2019-7482

SOURCES

db: CNVD, id: CNVD-2020-00278
db: VULMON, id: CVE-2019-7482
db: JVNDB, id: JVNDB-2019-013653
db: CNNVD, id: CNNVD-201912-901
db: NVD, id: CVE-2019-7482

LAST UPDATE DATE

2024-11-23T22:25:39.590000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2020-00278, date: 2020-01-03T00:00:00
db: VULMON, id: CVE-2019-7482, date: 2019-12-31T00:00:00
db: JVNDB, id: JVNDB-2019-013653, date: 2020-01-14T00:00:00
db: CNNVD, id: CNNVD-201912-901, date: 2020-06-17T00:00:00
db: NVD, id: CVE-2019-7482, date: 2024-11-21T04:48:15.943

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2020-00278, date: 2020-01-03T00:00:00
db: VULMON, id: CVE-2019-7482, date: 2019-12-19T00:00:00
db: JVNDB, id: JVNDB-2019-013653, date: 2020-01-14T00:00:00
db: CNNVD, id: CNNVD-201912-901, date: 2019-12-18T00:00:00
db: NVD, id: CVE-2019-7482, date: 2019-12-19T01:15:10.680