Details of VAR-201912-0833

ID

VAR-201912-0833

CVE

CVE-2019-7486

TITLE

SonicWall SMA100 Code Injection Vulnerability

Trust: 2.0

sources: CNVD: CNVD-2020-01637 // JVNDB: JVNDB-2019-013657 // CNNVD: CNNVD-201912-912

DESCRIPTION

Code injection in SonicWall SMA100 allows an authenticated user to execute arbitrary code in viewcacert CGI script. This vulnerability impacted SMA100 version 9.0.0.4 and earlier. SonicWall SMA100 Contains a code injection vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. SonicWall SMA100 is a secure access gateway device from SonicWall, USA. The vulnerability originates from the process of constructing code segments by external input data, and the network system or product does not properly filter the special elements therein. Attackers can use this vulnerability to generate illegal code segments and modify the expected execution control flow of network systems or components

Trust: 2.25

sources: NVD: CVE-2019-7486 // JVNDB: JVNDB-2019-013657 // CNVD: CNVD-2020-01637 // VULMON: CVE-2019-7486

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2020-01637

AFFECTED PRODUCTS

vendor:	sonicwall	model:	sma 100	scope:	lte	version:	9.0.0.4	Trust: 1.0
vendor:	sonicwall	model:	sma100	scope:	lte	version:	9.0.0.4	Trust: 0.8
vendor:	sonicwall	model:	sma100	scope:	lte	version:	<=9.0.0.4	Trust: 0.6

sources: CNVD: CNVD-2020-01637 // JVNDB: JVNDB-2019-013657 // NVD: CVE-2019-7486

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2019-7486
value:	HIGH
Trust: 1.0
NVD:	CVE-2019-7486
value:	HIGH
Trust: 0.8
CNVD:	CNVD-2020-01637
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-201912-912
value:	HIGH
Trust: 0.6
VULMON:	CVE-2019-7486
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2019-7486
severity:	MEDIUM
baseScore:	6.5
vectorString:	AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
CNVD:	CNVD-2020-01637
severity:	MEDIUM
baseScore:	6.5
vectorString:	AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

nvd@nist.gov:	CVE-2019-7486
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	2.8
impactScore:	5.9
version:	3.1
Trust: 1.0
NVD:	CVE-2019-7486
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: CNVD: CNVD-2020-01637 // VULMON: CVE-2019-7486 // JVNDB: JVNDB-2019-013657 // CNNVD: CNNVD-201912-912 // NVD: CVE-2019-7486

PROBLEMTYPE DATA

problemtype:

CWE-94

Trust: 1.8

sources: JVNDB: JVNDB-2019-013657 // NVD: CVE-2019-7486

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201912-912

TYPE

code injection

Trust: 0.6

sources: CNNVD: CNNVD-201912-912

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-013657

PATCH

title:	SNWLID-2019-0021	url:	https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0021	Trust: 0.8
title:	CVE-2019-7482	url:	https://github.com/b4bay/CVE-2019-7482	Trust: 0.1

sources: VULMON: CVE-2019-7486 // JVNDB: JVNDB-2019-013657

EXTERNAL IDS

db:	NVD	id:	CVE-2019-7486	Trust: 3.1
db:	JVNDB	id:	JVNDB-2019-013657	Trust: 0.8
db:	CNVD	id:	CNVD-2020-01637	Trust: 0.6
db:	CNNVD	id:	CNNVD-201912-912	Trust: 0.6
db:	VULMON	id:	CVE-2019-7486	Trust: 0.1

sources: CNVD: CNVD-2020-01637 // VULMON: CVE-2019-7486 // JVNDB: JVNDB-2019-013657 // CNNVD: CNNVD-201912-912 // NVD: CVE-2019-7486

REFERENCES

url:	https://psirt.global.sonicwall.com/vuln-detail/snwlid-2019-0021	Trust: 2.3
url:	https://nvd.nist.gov/vuln/detail/cve-2019-7486	Trust: 1.2
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-7486	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2019-7486\	Trust: 0.8
url:	https://cwe.mitre.org/data/definitions/94.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1
url:	https://exchange.xforce.ibmcloud.com/vulnerabilities/173324	Trust: 0.1
url:	https://github.com/b4bay/cve-2019-7482	Trust: 0.1

sources: CNVD: CNVD-2020-01637 // VULMON: CVE-2019-7486 // JVNDB: JVNDB-2019-013657 // CNNVD: CNNVD-201912-912 // NVD: CVE-2019-7486

SOURCES

db:	CNVD	id:	CNVD-2020-01637
db:	VULMON	id:	CVE-2019-7486
db:	JVNDB	id:	JVNDB-2019-013657
db:	CNNVD	id:	CNNVD-201912-912
db:	NVD	id:	CVE-2019-7486

LAST UPDATE DATE

2024-11-23T23:08:08.541000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2020-01637	date:	2020-01-13T00:00:00
db:	VULMON	id:	CVE-2019-7486	date:	2019-12-31T00:00:00
db:	JVNDB	id:	JVNDB-2019-013657	date:	2020-01-14T00:00:00
db:	CNNVD	id:	CNNVD-201912-912	date:	2020-06-17T00:00:00
db:	NVD	id:	CVE-2019-7486	date:	2024-11-21T04:48:16.423

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2020-01637	date:	2020-01-09T00:00:00
db:	VULMON	id:	CVE-2019-7486	date:	2019-12-19T00:00:00
db:	JVNDB	id:	JVNDB-2019-013657	date:	2020-01-14T00:00:00
db:	CNNVD	id:	CNNVD-201912-912	date:	2019-12-18T00:00:00
db:	NVD	id:	CVE-2019-7486	date:	2019-12-19T01:15:11.053