CVE-2019-7483
SonicWall SMA100 Directory Traversal Vulnerability
Severity Score
7.5
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
Yes
*KEV
Decision
-
*SSVC
Descriptions
In SonicWall SMA100, an unauthenticated Directory Traversal vulnerability in the handleWAFRedirect CGI allows the user to test for the presence of a file on the server.
En SonicWall SMA100, una vulnerabilidad de Salto de Directorio no autenticada en el handleWAFRedirect CGI permite al usuario probar la presencia de un archivo en el servidor.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2019-02-06 CVE Reserved
- 2019-12-19 CVE Published
- 2022-03-28 Exploited in Wild
- 2022-04-18 KEV Due Date
- 2023-08-17 EPSS Updated
- 2024-08-04 CVE Updated
- ---------- First Exploit
CWE
- CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CAPEC
References (1)
| URL | Tag | Source |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0018 | 2019-12-31 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Sonicwall Search vendor "Sonicwall" | Sma 100 Firmware Search vendor "Sonicwall" for product "Sma 100 Firmware" | <= 9.0.0.3 Search vendor "Sonicwall" for product "Sma 100 Firmware" and version " <= 9.0.0.3" | - |
Affected
| in | Sonicwall Search vendor "Sonicwall" | Sma 100 Search vendor "Sonicwall" for product "Sma 100" | - | - |
Safe
|