CVE-2019-7474 Information

Description

A vulnerability in SonicWall SonicOS and SonicOSv allow authenticated read-only admin to leave the firewall in an unstable state by downloading certificate with specific extension. This vulnerability affected SonicOS Gen 5 version 5.9.1.10 and earlier Gen 6 version 6.2.7.3 6.5.1.3 6.5.2.2 6.5.3.1 6.2.7.8 6.4.0.0 6.5.1.8 6.0.5.3-86o and SonicOSv 6.5.0.2-8v_RC363 (VMWARE) 6.5.0.2.8v_RC367 (AZURE) SonicOSv 6.5.0.2.8v_RC368 (AWS) SonicOSv 6.5.0.2.8v_RC366 (HYPER_V).

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Reference

https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0001

Attack Complexity

LOW

Privileges Required

LOW

User Interaction Required

LOW

Scope

NONE

Confidentiality Impact

UNCHANGED

Integrity Impact

NONE

Availability Impact

NONE

Base Score

HIGH

Base Severity

6.5