CVE-2019-7477 Information

Description

A vulnerability in SonicWall SonicOS and SonicOSv TLS CBC Cipher allow remote attackers to obtain sensitive plaintext data when CBC cipher suites are enabled. This vulnerability affected SonicOS Gen 5 version 5.9.1.10 and earlier Gen 6 version 6.2.7.3 6.5.1.3 6.5.2.2 6.5.3.1 6.2.7.8 6.4.0.0 6.5.1.8 6.0.5.3-86o and SonicOSv 6.5.0.2-8v_RC363 (VMWARE) 6.5.0.2.8v_RC367 (AZURE) SonicOSv 6.5.0.2.8v_RC368 (AWS) SonicOSv 6.5.0.2.8v_RC366 (HYPER_V).

CVSS Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Reference

https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0003

Attack Complexity

LOW

Privileges Required

NONE

User Interaction Required

NONE

Scope

NONE

Confidentiality Impact

UNCHANGED

Integrity Impact

HIGH

Availability Impact

NONE

Base Score

NONE

Base Severity

7.5