CVE-2018-9867

Опубликовано: 19 фев. 2019

Источник: nvd

CVSS3: 5.5

CVSS2: 2.1

EPSS Низкий

Описание

In SonicWall SonicOS, administrators without full permissions can download imported certificates. Occurs when administrators who are not in the SonicWall Administrators user group attempt to download imported certificates. This vulnerability affected SonicOS Gen 5 version 5.9.1.10 and earlier, Gen 6 version 6.2.7.3, 6.5.1.3, 6.5.2.2, 6.5.3.1, 6.2.7.8, 6.4.0.0, 6.5.1.8, 6.0.5.3-86o and SonicOSv 6.5.0.2-8v_RC363 (VMWARE), 6.5.0.2.8v_RC367 (AZURE), SonicOSv 6.5.0.2.8v_RC368 (AWS), SonicOSv 6.5.0.2.8v_RC366 (HYPER_V).

Ссылки

https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2018-0017
Vendor Advisory
https://www.tenable.com/security/research/tra-2019-08
Third Party Advisory
https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2018-0017
Vendor Advisory
https://www.tenable.com/security/research/tra-2019-08
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:o:sonicwall:sonicos:*:*:*:*:*:*:*:*

Версия от 5.0.0.0 (включая) до 5.9.1.10 (включая)

cpe:2.3:o:sonicwall:sonicos:6.0.5.3-86o:*:*:*:*:*:*:*

cpe:2.3:o:sonicwall:sonicos:6.2.7.3:*:*:*:*:*:*:*

cpe:2.3:o:sonicwall:sonicos:6.2.7.8:*:*:*:*:*:*:*

cpe:2.3:o:sonicwall:sonicos:6.4.0.0:*:*:*:*:*:*:*

cpe:2.3:o:sonicwall:sonicos:6.5.1.3:*:*:*:*:*:*:*

cpe:2.3:o:sonicwall:sonicos:6.5.1.8:*:*:*:*:*:*:*

cpe:2.3:o:sonicwall:sonicos:6.5.2.2:*:*:*:*:*:*:*

cpe:2.3:o:sonicwall:sonicos:6.5.3.1:*:*:*:*:*:*:*

cpe:2.3:o:sonicwall:sonicosv:6.5.0.2-8v_rc363:*:*:*:*:vmware:*:*

cpe:2.3:o:sonicwall:sonicosv:6.5.0.2.8v_rc366:*:*:*:*:hyper_v:*:*

cpe:2.3:o:sonicwall:sonicosv:6.5.0.2.8v_rc367:*:*:*:*:azure:*:*

cpe:2.3:o:sonicwall:sonicosv:6.5.0.2.8v_rc368:*:*:*:*:aws:*:*

EPSS

Процентиль: 5%

0.00022

Низкий

5.5 Medium

CVSS3

2.1 Low

CVSS2

Дефекты

CWE-285

CWE-732

Связанные уязвимости

GHSA-49vw-7j46-x482