Details of VAR-201912-0834

ID

VAR-201912-0834

CVE

CVE-2019-7487

TITLE

SonicOS SSLVPN NACagent Vulnerable to unquoted search paths or elements

Trust: 0.8

sources: JVNDB: JVNDB-2019-013924

DESCRIPTION

Installation of the SonicOS SSLVPN NACagent 3.5 on the Windows operating system, an autorun value is created does not put the path in quotes, so if a malicious binary by an attacker within the parent path could allow code execution. SonicOS SSLVPN NACagent Contains an unquoted search path or element vulnerability.Information is acquired, information is falsified, and denial of service (DoS) May be in a state. SonicWall SonicOS SSLVPN NACagent is a VPN (Virtual Private Network) client application developed by SonicWall in the United States. A code issue vulnerability exists in SonicOS SSLVPN NACagent version 3.5 (Windows). An attacker could exploit this vulnerability to execute code through malicious binaries

Trust: 1.71

sources: NVD: CVE-2019-7487 // JVNDB: JVNDB-2019-013924 // VULHUB: VHN-158922

AFFECTED PRODUCTS

vendor:	sonicwall	model:	sonicos sslvpn nacagent	scope:	eq	version:	3.5	Trust: 1.8
vendor:	sonicwall	model:	sonicos	scope:	lte	version:	6.5.3.3	Trust: 1.0
vendor:	sonicwall	model:	sonicos	scope:	-	version:	-	Trust: 0.8
vendor:	sonicwall	model:	sonicos	scope:	eq	version:	5.9.1.10	Trust: 0.6
vendor:	sonicwall	model:	sonicos	scope:	eq	version:	5.9.0.0	Trust: 0.6
vendor:	sonicwall	model:	sonicos	scope:	eq	version:	5.8.1.5	Trust: 0.6
vendor:	sonicwall	model:	sonicos	scope:	eq	version:	5.0.0.13	Trust: 0.6
vendor:	sonicwall	model:	sonicos	scope:	eq	version:	5.8.1.10	Trust: 0.6
vendor:	sonicwall	model:	sonicos	scope:	eq	version:	5.0.0.6	Trust: 0.6
vendor:	sonicwall	model:	sonicos	scope:	eq	version:	5.0.0.0	Trust: 0.6
vendor:	sonicwall	model:	sonicos	scope:	eq	version:	5.0.0.8	Trust: 0.6
vendor:	sonicwall	model:	sonicos	scope:	eq	version:	5.9.1.0	Trust: 0.6
vendor:	sonicwall	model:	sonicos	scope:	eq	version:	5.8.0.2	Trust: 0.6

sources: JVNDB: JVNDB-2019-013924 // CNNVD: CNNVD-201912-913 // NVD: CVE-2019-7487

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2019-7487
value:	HIGH
Trust: 1.0
NVD:	CVE-2019-7487
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-201912-913
value:	HIGH
Trust: 0.6
VULHUB:	VHN-158922
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2019-7487
severity:	MEDIUM
baseScore:	4.6
vectorString:	AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	3.9
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-158922
severity:	MEDIUM
baseScore:	4.6
vectorString:	AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	3.9
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2019-7487
baseSeverity:	HIGH
baseScore:	7.8
vectorString:	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	1.8
impactScore:	5.9
version:	3.1
Trust: 1.0
NVD:	CVE-2019-7487
baseSeverity:	HIGH
baseScore:	7.8
vectorString:	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULHUB: VHN-158922 // JVNDB: JVNDB-2019-013924 // CNNVD: CNNVD-201912-913 // NVD: CVE-2019-7487

PROBLEMTYPE DATA

problemtype:

CWE-428

Trust: 1.9

sources: VULHUB: VHN-158922 // JVNDB: JVNDB-2019-013924 // NVD: CVE-2019-7487

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-201912-913

TYPE

code problem

Trust: 0.6

sources: CNNVD: CNNVD-201912-913

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-013924

PATCH

title:

SNWLID-2019-0022

url:

https://psirt.global.sonicwall.com/vuln-list

Trust: 0.8

sources: JVNDB: JVNDB-2019-013924

EXTERNAL IDS

db:	NVD	id:	CVE-2019-7487	Trust: 2.5
db:	JVNDB	id:	JVNDB-2019-013924	Trust: 0.8
db:	CNNVD	id:	CNNVD-201912-913	Trust: 0.7
db:	VULHUB	id:	VHN-158922	Trust: 0.1

sources: VULHUB: VHN-158922 // JVNDB: JVNDB-2019-013924 // CNNVD: CNNVD-201912-913 // NVD: CVE-2019-7487

REFERENCES

url:	https://psirt.global.sonicwall.com/vuln-detail/snwlid-2019-0022	Trust: 1.7
url:	https://nvd.nist.gov/vuln/detail/cve-2019-7487	Trust: 1.4
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-7487	Trust: 0.8

sources: VULHUB: VHN-158922 // JVNDB: JVNDB-2019-013924 // CNNVD: CNNVD-201912-913 // NVD: CVE-2019-7487

SOURCES

db:	VULHUB	id:	VHN-158922
db:	JVNDB	id:	JVNDB-2019-013924
db:	CNNVD	id:	CNNVD-201912-913
db:	NVD	id:	CVE-2019-7487

LAST UPDATE DATE

2024-08-14T15:07:27.715000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-158922	date:	2020-01-08T00:00:00
db:	JVNDB	id:	JVNDB-2019-013924	date:	2020-01-21T00:00:00
db:	CNNVD	id:	CNNVD-201912-913	date:	2020-01-17T00:00:00
db:	NVD	id:	CVE-2019-7487	date:	2020-01-08T18:38:30.087

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-158922	date:	2019-12-19T00:00:00
db:	JVNDB	id:	JVNDB-2019-013924	date:	2020-01-21T00:00:00
db:	CNNVD	id:	CNNVD-201912-913	date:	2019-12-18T00:00:00
db:	NVD	id:	CVE-2019-7487	date:	2019-12-19T01:15:11.133