ID

VAR-201912-0831


CVE

CVE-2019-7484


TITLE

SonicWall SMA100 SQL Injection Vulnerability

Trust: 1.2

sources: CNVD: CNVD-2020-01640 // CNNVD: CNNVD-201912-906

DESCRIPTION

Authenticated SQL injection in SonicWall SMA100 allows a user to gain read-only access to unauthorized resources using the viewcacert CGI script. This vulnerability impacted SMA100 version 9.0.0.3 and earlier. A SQL injection vulnerability exists in SonicWall SMA100. Information may be obtained. SonicWall SMA100 is a secure access gateway device from SonicWall, USA. The vulnerability stems from the lack of validation of externally entered SQL statements by database-based applications. Attackers can use this vulnerability to execute illegal SQL commands.

Trust: 2.16

sources: NVD: CVE-2019-7484 // JVNDB: JVNDB-2019-013655 // CNVD: CNVD-2020-01640

IOT TAXONOMY

category: ['Network device'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2020-01640

AFFECTED PRODUCTS

vendor: sonicwall, model: sma 100, scope: lte, version: 9.0.0.3

Trust: 1.0

vendor: sonicwall, model: sma100, scope: lte, version: 9.0.0.3

Trust: 0.8

vendor: sonicwall, model: sma100, scope: lte, version: <=9.0.0.3

Trust: 0.6

vendor: sonicwall, model: sma 100, scope: eq, version: -

Trust: 0.6

sources: CNVD: CNVD-2020-01640 // JVNDB: JVNDB-2019-013655 // CNNVD: CNNVD-201912-906 // NVD: CVE-2019-7484

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-7484
value: MEDIUM

Trust: 1.0

NVD: CVE-2019-7484
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2020-01640
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201912-906
value: MEDIUM

Trust: 0.6

nvd@nist.gov: CVE-2019-7484
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2020-01640
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2019-7484
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 3.6
version: 3.1

Trust: 1.0

NVD: CVE-2019-7484
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2020-01640 // JVNDB: JVNDB-2019-013655 // CNNVD: CNNVD-201912-906 // NVD: CVE-2019-7484

PROBLEMTYPE DATA

problemtype:CWE-89

Trust: 1.8

sources: JVNDB: JVNDB-2019-013655 // NVD: CVE-2019-7484

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201912-906

TYPE

SQL injection

Trust: 0.6

sources: CNNVD: CNNVD-201912-906

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-013655

PATCH

title: SNWLID-2019-0019, url: https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0019

Trust: 0.8

sources: JVNDB: JVNDB-2019-013655

EXTERNAL IDS

db: NVD, id: CVE-2019-7484

Trust: 3.0

db: JVNDB, id: JVNDB-2019-013655

Trust: 0.8

db: CNVD, id: CNVD-2020-01640

Trust: 0.6

db: CNNVD, id: CNNVD-201912-906

Trust: 0.6

sources: CNVD: CNVD-2020-01640 // JVNDB: JVNDB-2019-013655 // CNNVD: CNNVD-201912-906 // NVD: CVE-2019-7484

REFERENCES

url: https://psirt.global.sonicwall.com/vuln-detail/snwlid-2019-0019

Trust: 2.2

url: https://nvd.nist.gov/vuln/detail/cve-2019-7484

Trust: 1.2

url: https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-7484

Trust: 0.8

url: https://nvd.nist.gov/vuln/detail/cve-2019-7484

Trust: 0.8

sources: CNVD: CNVD-2020-01640 // JVNDB: JVNDB-2019-013655 // CNNVD: CNNVD-201912-906 // NVD: CVE-2019-7484

SOURCES

db: CNVD, id: CNVD-2020-01640
db: JVNDB, id: JVNDB-2019-013655
db: CNNVD, id: CNNVD-201912-906
db: NVD, id: CVE-2019-7484

LAST UPDATE DATE

2024-11-23T22:21:23.432000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2020-01640, date: 2020-01-13T00:00:00
db: JVNDB, id: JVNDB-2019-013655, date: 2020-01-14T00:00:00
db: CNNVD, id: CNNVD-201912-906, date: 2020-01-02T00:00:00
db: NVD, id: CVE-2019-7484, date: 2024-11-21T04:48:16.173

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2020-01640, date: 2020-01-09T00:00:00
db: JVNDB, id: JVNDB-2019-013655, date: 2020-01-14T00:00:00
db: CNNVD, id: CNNVD-201912-906, date: 2019-12-18T00:00:00
db: NVD, id: CVE-2019-7484, date: 2019-12-19T01:15:10.883