CVSS: 6.5EPSS: 0%CPEs: 13EXPL: 0CVE-2019-7474
https://notcve.org/view.php?id=CVE-2019-7474
A vulnerability in SonicWall SonicOS and SonicOSv, allow authenticated read-only admin to leave the firewall in an unstable state by downloading certificate with specific extension. This vulnerability affected SonicOS Gen 5 version 5.9.1.10 and earlier, Gen 6 version 6.2.7.3, 6.5.1.3, 6.5.2.2, 6.5.3.1, 6.2.7.8, 6.4.0.0, 6.5.1.8, 6.0.5.3-86o and SonicOSv 6.5.0.2-8v_RC363 (VMWARE), 6.5.0.2.8v_RC367 (AZURE), SonicOSv 6.5.0.2.8v_RC368 (AWS), SonicOSv 6.5.0.2.8v_RC366 (HYPER_V). Una vulnerabilidad en SonicWall, SonicOS y SonicOSv permite al adiminstrador autenticado de solo lectura dejar el firewall en un estado inestable descargando certificados con una extensión específica. Esta vulnerabilidad afectaba a SonicOS Gen 5, en versiones 5.9.1.10 y anteriores; Gen 6, en versiones 6.2.7.3, 6.5.1.3, 6.5.2.2, 6.5.3.1, 6.2.7.8, 6.4.0.0, 6.5.1.8 y 6.0.5.3-86o; en SonicOSv 6.5.0.2.8v_RC368 (AWS) y en SonicOSv 6.5.0.2.8v_RC366 (HYPER_V). • https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0001 • CWE-248: Uncaught Exception CWE-755: Improper Handling of Exceptional Conditions •
CVSS: 7.5EPSS: 0%CPEs: 13EXPL: 0CVE-2019-7477
https://notcve.org/view.php?id=CVE-2019-7477
A vulnerability in SonicWall SonicOS and SonicOSv TLS CBC Cipher allow remote attackers to obtain sensitive plaintext data when CBC cipher suites are enabled. This vulnerability affected SonicOS Gen 5 version 5.9.1.10 and earlier, Gen 6 version 6.2.7.3, 6.5.1.3, 6.5.2.2, 6.5.3.1, 6.2.7.8, 6.4.0.0, 6.5.1.8, 6.0.5.3-86o and SonicOSv 6.5.0.2-8v_RC363 (VMWARE), 6.5.0.2.8v_RC367 (AZURE), SonicOSv 6.5.0.2.8v_RC368 (AWS), SonicOSv 6.5.0.2.8v_RC366 (HYPER_V). Una vulnerabilidad en el cifrado TLS CBC de SonicWall, SonicOS y SonicOSv permite que los atacantes remotos obtengan datos sensibles de texto plano cuando se habilitan las suites de cifrado CBC. Esta vulnerabilidad afectaba a SonicOS Gen 5, en versiones 5.9.1.10 y anteriores; Gen 6, en versiones 6.2.7.3, 6.5.1.3, 6.5.2.2, 6.5.3.1, 6.2.7.8, 6.4.0.0, 6.5.1.8 y 6.0.5.3-86o; en SonicOSv 6.5.0.2.8v_RC368 (AWS) y en SonicOSv 6.5.0.2.8v_RC366 (HYPER_V). • https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0003 • CWE-327: Use of a Broken or Risky Cryptographic Algorithm •
CVSS: 9.8EPSS: 0%CPEs: 13EXPL: 0CVE-2019-7475
https://notcve.org/view.php?id=CVE-2019-7475
A vulnerability in SonicWall SonicOS and SonicOSv with management enabled system on specific configuration allow unprivileged user to access advanced routing services. This vulnerability affected SonicOS Gen 5 version 5.9.1.10 and earlier, Gen 6 version 6.2.7.3, 6.5.1.3, 6.5.2.2, 6.5.3.1, 6.2.7.8, 6.4.0.0, 6.5.1.8, 6.0.5.3-86o and SonicOSv 6.5.0.2-8v_RC363 (VMWARE), 6.5.0.2.8v_RC367 (AZURE), SonicOSv 6.5.0.2.8v_RC368 (AWS), SonicOSv 6.5.0.2.8v_RC366 (HYPER_V). Una vulnerabilidad en SonicWall, SonicOS y SonicOSv con un sistema de gestión habilitado o con una configuración específica permite a los usuarios sin privilegios acceder a servicios avanzados de routing. Esta vulnerabilidad afectaba a SonicOS Gen 5, en versiones 5.9.1.10 y anteriores; Gen 6, en versiones 6.2.7.3, 6.5.1.3, 6.5.2.2, 6.5.3.1, 6.2.7.8, 6.4.0.0, 6.5.1.8 y 6.0.5.3-86o; en SonicOSv 6.5.0.2.8v_RC368 (AWS) y en SonicOSv 6.5.0.2.8v_RC366 (HYPER_V). • https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0002 • CWE-284: Improper Access Control •
CVSS: 5.5EPSS: 0%CPEs: 13EXPL: 0CVE-2018-9867
https://notcve.org/view.php?id=CVE-2018-9867
In SonicWall SonicOS, administrators without full permissions can download imported certificates. Occurs when administrators who are not in the SonicWall Administrators user group attempt to download imported certificates. This vulnerability affected SonicOS Gen 5 version 5.9.1.10 and earlier, Gen 6 version 6.2.7.3, 6.5.1.3, 6.5.2.2, 6.5.3.1, 6.2.7.8, 6.4.0.0, 6.5.1.8, 6.0.5.3-86o and SonicOSv 6.5.0.2-8v_RC363 (VMWARE), 6.5.0.2.8v_RC367 (AZURE), SonicOSv 6.5.0.2.8v_RC368 (AWS), SonicOSv 6.5.0.2.8v_RC366 (HYPER_V). En SonicWall SonicOS, los administradores sin permisos completos pueden descargar certificados importados. Ocurre cuando los administradores que no están en el grupo de usuarios de SonicWall Administrators intentan descargar certificados importados. • https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2018-0017 https://www.tenable.com/security/research/tra-2019-08 • CWE-285: Improper Authorization CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 9.8EPSS: 35%CPEs: 1EXPL: 1CVE-2018-9866
https://notcve.org/view.php?id=CVE-2018-9866
A vulnerability in lack of validation of user-supplied parameters pass to XML-RPC calls on SonicWall Global Management System (GMS) virtual appliance's, allow remote user to execute arbitrary code. This vulnerability affected GMS version 8.1 and earlier. Una vulnerabilidad en la falta de validación de parámetros proporcionados por el usuario pasados a llamadas XML-RPC en los dispositivos virtuales SonicWall Global Management System (GMS) permite que usuarios remotos ejecuten código arbitrario. Esta vulnerabilidad afecta a GMS en versiones 8.1 y anteriores. • https://github.com/rapid7/metasploit-framework/pull/10305 https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2018-0007 https://twitter.com/ddouhine/status/1019251292202586112 • CWE-20: Improper Input Validation CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •