CVE-2019-7477

Опубликовано: 02 апр. 2019

Источник: nvd

CVSS3: 7.5

CVSS2: 5

EPSS Низкий

Описание

A vulnerability in SonicWall SonicOS and SonicOSv TLS CBC Cipher allow remote attackers to obtain sensitive plaintext data when CBC cipher suites are enabled. This vulnerability affected SonicOS Gen 5 version 5.9.1.10 and earlier, Gen 6 version 6.2.7.3, 6.5.1.3, 6.5.2.2, 6.5.3.1, 6.2.7.8, 6.4.0.0, 6.5.1.8, 6.0.5.3-86o and SonicOSv 6.5.0.2-8v_RC363 (VMWARE), 6.5.0.2.8v_RC367 (AZURE), SonicOSv 6.5.0.2.8v_RC368 (AWS), SonicOSv 6.5.0.2.8v_RC366 (HYPER_V).

Ссылки

https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0003
Vendor Advisory
https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0003
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:o:sonicwall:sonicos:*:*:*:*:*:*:*:*

Версия до 5.9.1.10 (включая)

cpe:2.3:o:sonicwall:sonicos:6.0.5.3-86o:*:*:*:*:*:*:*

cpe:2.3:o:sonicwall:sonicos:6.2.7.3:*:*:*:*:*:*:*

cpe:2.3:o:sonicwall:sonicos:6.2.7.8:*:*:*:*:*:*:*

cpe:2.3:o:sonicwall:sonicos:6.4.0.0:*:*:*:*:*:*:*

cpe:2.3:o:sonicwall:sonicos:6.5.1.3:*:*:*:*:*:*:*

cpe:2.3:o:sonicwall:sonicos:6.5.1.8:*:*:*:*:*:*:*

cpe:2.3:o:sonicwall:sonicos:6.5.2.2:*:*:*:*:*:*:*

cpe:2.3:o:sonicwall:sonicos:6.5.3.1:*:*:*:*:*:*:*

cpe:2.3:o:sonicwall:sonicosv:6.5.0.2-8v_rc363:*:*:*:*:vmware:*:*

cpe:2.3:o:sonicwall:sonicosv:6.5.0.2.8v_rc366:*:*:*:*:hyper_v:*:*

cpe:2.3:o:sonicwall:sonicosv:6.5.0.2.8v_rc367:*:*:*:*:azure:*:*

cpe:2.3:o:sonicwall:sonicosv:6.5.0.2.8v_rc368:*:*:*:*:aws:*:*

EPSS

Процентиль: 42%

0.00196

Низкий

7.5 High

CVSS3

5 Medium

CVSS2

Дефекты

CWE-327

Связанные уязвимости

GHSA-cf3p-cffq-p3vj