CVE-2018-9867
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
In SonicWall SonicOS, administrators without full permissions can download imported certificates. Occurs when administrators who are not in the SonicWall Administrators user group attempt to download imported certificates. This vulnerability affected SonicOS Gen 5 version 5.9.1.10 and earlier, Gen 6 version 6.2.7.3, 6.5.1.3, 6.5.2.2, 6.5.3.1, 6.2.7.8, 6.4.0.0, 6.5.1.8, 6.0.5.3-86o and SonicOSv 6.5.0.2-8v_RC363 (VMWARE), 6.5.0.2.8v_RC367 (AZURE), SonicOSv 6.5.0.2.8v_RC368 (AWS), SonicOSv 6.5.0.2.8v_RC366 (HYPER_V).
En SonicWall SonicOS, los administradores sin permisos completos pueden descargar certificados importados. Ocurre cuando los administradores que no están en el grupo de usuarios de SonicWall Administrators intentan descargar certificados importados. Esta vulnerabilidad afectó a SonicOS Gen 5 versión 5.9.1.10 y anteriores, Gen 6 versiones 6.2.7.3, 6.5.1.3, 6.5.2.2, 6.5.3.1, 6.2.7.8, 6.4.0.0, 6.5.1.8, 6.0.5.3-86o y SonicOSv versiones 6.5.0.2-8v_RC363 (VMWARE), 6.5.0.2.8v_RC367 (AZURE), SonicOSv versión 6.5.0.2.8v_RC368 (AWS), SonicOSv versión 6.5.0.2.8v_RC366 (HYPER_V).
CVSS Scores
SSVC
- Decision:-
Timeline
- 2018-04-09 CVE Reserved
- 2019-02-19 CVE Published
- 2023-03-08 EPSS Updated
- 2024-08-05 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-285: Improper Authorization
- CWE-732: Incorrect Permission Assignment for Critical Resource
CAPEC
References (2)
| URL | Tag | Source |
|---|---|---|
| https://www.tenable.com/security/research/tra-2019-08 | Third Party Advisory |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2018-0017 | 2022-06-16 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Sonicwall Search vendor "Sonicwall" | Sonicos Search vendor "Sonicwall" for product "Sonicos" | >= 5.0.0.0 <= 5.9.1.10 Search vendor "Sonicwall" for product "Sonicos" and version " >= 5.0.0.0 <= 5.9.1.10" | - |
Affected
| ||||||
| Sonicwall Search vendor "Sonicwall" | Sonicos Search vendor "Sonicwall" for product "Sonicos" | 6.0.5.3-86o Search vendor "Sonicwall" for product "Sonicos" and version "6.0.5.3-86o" | - |
Affected
| ||||||
| Sonicwall Search vendor "Sonicwall" | Sonicos Search vendor "Sonicwall" for product "Sonicos" | 6.2.7.3 Search vendor "Sonicwall" for product "Sonicos" and version "6.2.7.3" | - |
Affected
| ||||||
| Sonicwall Search vendor "Sonicwall" | Sonicos Search vendor "Sonicwall" for product "Sonicos" | 6.2.7.8 Search vendor "Sonicwall" for product "Sonicos" and version "6.2.7.8" | - |
Affected
| ||||||
| Sonicwall Search vendor "Sonicwall" | Sonicos Search vendor "Sonicwall" for product "Sonicos" | 6.4.0.0 Search vendor "Sonicwall" for product "Sonicos" and version "6.4.0.0" | - |
Affected
| ||||||
| Sonicwall Search vendor "Sonicwall" | Sonicos Search vendor "Sonicwall" for product "Sonicos" | 6.5.1.3 Search vendor "Sonicwall" for product "Sonicos" and version "6.5.1.3" | - |
Affected
| ||||||
| Sonicwall Search vendor "Sonicwall" | Sonicos Search vendor "Sonicwall" for product "Sonicos" | 6.5.1.8 Search vendor "Sonicwall" for product "Sonicos" and version "6.5.1.8" | - |
Affected
| ||||||
| Sonicwall Search vendor "Sonicwall" | Sonicos Search vendor "Sonicwall" for product "Sonicos" | 6.5.2.2 Search vendor "Sonicwall" for product "Sonicos" and version "6.5.2.2" | - |
Affected
| ||||||
| Sonicwall Search vendor "Sonicwall" | Sonicos Search vendor "Sonicwall" for product "Sonicos" | 6.5.3.1 Search vendor "Sonicwall" for product "Sonicos" and version "6.5.3.1" | - |
Affected
| ||||||
| Sonicwall Search vendor "Sonicwall" | Sonicosv Search vendor "Sonicwall" for product "Sonicosv" | 6.5.0.2-8v_rc363 Search vendor "Sonicwall" for product "Sonicosv" and version "6.5.0.2-8v_rc363" | vmware |
Affected
| ||||||
| Sonicwall Search vendor "Sonicwall" | Sonicosv Search vendor "Sonicwall" for product "Sonicosv" | 6.5.0.2.8v_rc366 Search vendor "Sonicwall" for product "Sonicosv" and version "6.5.0.2.8v_rc366" | hyper_v |
Affected
| ||||||
| Sonicwall Search vendor "Sonicwall" | Sonicosv Search vendor "Sonicwall" for product "Sonicosv" | 6.5.0.2.8v_rc367 Search vendor "Sonicwall" for product "Sonicosv" and version "6.5.0.2.8v_rc367" | azure |
Affected
| ||||||
| Sonicwall Search vendor "Sonicwall" | Sonicosv Search vendor "Sonicwall" for product "Sonicosv" | 6.5.0.2.8v_rc368 Search vendor "Sonicwall" for product "Sonicosv" and version "6.5.0.2.8v_rc368" | aws |
Affected
| ||||||