ID

VAR-201912-0832


CVE

CVE-2019-7485


TITLE

SonicWall SMA100 vulnerable to classic buffer overflow

Trust: 0.8

sources: JVNDB: JVNDB-2019-013656

DESCRIPTION

Buffer overflow in SonicWall SMA100 allows an authenticated user to execute arbitrary code in the DEARegister CGI script. This vulnerability impacted SMA100 version 9.0.0.3 and earlier. SonicWall SMA100 contains a classic buffer overflow vulnerability. Information may be obtained or altered, and service operation may be disrupted (DoS). SonicWall SMA100 is a secure access gateway device from SonicWall, USA. This vulnerability is caused by a network system or product performing incorrect operations on memory and incorrectly verifying data boundaries, resulting in incorrect reads and writes to associated memory locations. An attacker could use this vulnerability to cause a buffer overflow or heap overflow.

Trust: 2.16

sources: NVD: CVE-2019-7485 // JVNDB: JVNDB-2019-013656 // CNVD: CNVD-2020-01638

IOT TAXONOMY

category: ['Network device'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2020-01638

AFFECTED PRODUCTS

vendor: sonicwall, model: sma 100, scope: lte, version: 9.0.0.3

Trust: 1.0

vendor: sonicwall, model: sma100, scope: lte, version: 9.0.0.3

Trust: 0.8

vendor: sonicwall, model: sma100, scope: lte, version: <=9.0.0.3

Trust: 0.6

sources: CNVD: CNVD-2020-01638 // JVNDB: JVNDB-2019-013656 // NVD: CVE-2019-7485

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-7485
value: HIGH

Trust: 1.0

NVD: CVE-2019-7485
value: HIGH

Trust: 0.8

CNVD: CNVD-2020-01638
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201912-910
value: HIGH

Trust: 0.6

nvd@nist.gov: CVE-2019-7485
severity: MEDIUM
baseScore: 6.5
vectorString: AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2020-01638
severity: MEDIUM
baseScore: 6.5
vectorString: AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2019-7485
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: CVE-2019-7485
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2020-01638 // JVNDB: JVNDB-2019-013656 // CNNVD: CNNVD-201912-910 // NVD: CVE-2019-7485

PROBLEMTYPE DATA

problemtype:CWE-120

Trust: 1.8

sources: JVNDB: JVNDB-2019-013656 // NVD: CVE-2019-7485

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201912-910

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-201912-910

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-013656

PATCH

title: SNWLID-2019-0020, url: https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0020

Trust: 0.8

sources: JVNDB: JVNDB-2019-013656

EXTERNAL IDS

db: NVD, id: CVE-2019-7485

Trust: 3.0

db: JVNDB, id: JVNDB-2019-013656

Trust: 0.8

db: CNVD, id: CNVD-2020-01638

Trust: 0.6

db: CNNVD, id: CNNVD-201912-910

Trust: 0.6

sources: CNVD: CNVD-2020-01638 // JVNDB: JVNDB-2019-013656 // CNNVD: CNNVD-201912-910 // NVD: CVE-2019-7485

REFERENCES

url:https://psirt.global.sonicwall.com/vuln-detail/snwlid-2019-0020

Trust: 2.2

url:https://nvd.nist.gov/vuln/detail/cve-2019-7485

Trust: 1.2

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-7485

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2019-7485\

Trust: 0.8

sources: CNVD: CNVD-2020-01638 // JVNDB: JVNDB-2019-013656 // CNNVD: CNNVD-201912-910 // NVD: CVE-2019-7485

SOURCES

db: CNVD, id: CNVD-2020-01638
db: JVNDB, id: JVNDB-2019-013656
db: CNNVD, id: CNNVD-201912-910
db: NVD, id: CVE-2019-7485

LAST UPDATE DATE

2024-11-23T22:16:45.716000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2020-01638, date: 2020-01-13T00:00:00
db: JVNDB, id: JVNDB-2019-013656, date: 2020-01-14T00:00:00
db: CNNVD, id: CNNVD-201912-910, date: 2020-06-17T00:00:00
db: NVD, id: CVE-2019-7485, date: 2024-11-21T04:48:16.297

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2020-01638, date: 2020-01-09T00:00:00
db: JVNDB, id: JVNDB-2019-013656, date: 2020-01-14T00:00:00
db: CNNVD, id: CNNVD-201912-910, date: 2019-12-18T00:00:00
db: NVD, id: CVE-2019-7485, date: 2019-12-19T01:15:10.977