CVE-2019-7479

Published: Dic 31, 2019 Last Modified: Nov 21, 2024 EU-VD ID: EUVD-2019-17021 Aliases: GSD-2019-7479
ExploitDB:
Other exploit source:
Google Dorks:
HIGH 7,2
Source: [email protected]
Attack Vector: network
Attack Complexity: low
Privileges Required: high
User Interaction: none
Scope: unchanged
Confidentiality: high
Integrity: high
Availability: high
MEDIUM 6,5
Source: [email protected]
Access Vector: network
Access Complexity: low
Authentication: single
Confidentiality: partial
Integrity: partial
Availability: partial

Description

AI Translation Available

A vulnerability in SonicOS allow authenticated read-only admin can elevate permissions to configuration mode. This vulnerability affected SonicOS Gen 5 version 5.9.1.12-4o and earlier, Gen 6 version 6.2.7.4-32n, 6.5.1.4-4n, 6.5.2.3-4n, 6.5.3.3-3n, 6.2.7.10-3n, 6.4.1.0-3n, 6.5.3.3-3n, 6.5.1.9-4n and SonicOSv 6.5.0.2-8v_RC363 (VMWARE), 6.5.0.2.8v_RC367 (AZURE), SonicOSv 6.5.0.2.8v_RC368 (AWS), SonicOSv 6.5.0.2.8v_RC366 (HYPER_V).

EPSS (Exploit Prediction Scoring System)

Trend Analysis

EPSS (Exploit Prediction Scoring System)

Prevede la probabilità di sfruttamento basata su intelligence sulle minacce e sulle caratteristiche della vulnerabilità.

EPSS Score
0,0025
Percentile
0,5th
Updated

EPSS Score Trend (Last 90 Days)

269

Improper Privilege Management

Draft
Abstraction: Class Structure: Simple
Common Consequences
Security Scopes Affected:
Access Control
Potential Impacts:
Gain Privileges Or Assume Identity
Applicable Platforms
All platforms may be affected
Likelihood of Exploit: Medium
View CWE Details
285

Improper Authorization

Draft
Abstraction: Class Structure: Simple
Common Consequences
Security Scopes Affected:
Confidentiality Integrity Access Control
Potential Impacts:
Read Application Data Read Files Or Directories Modify Application Data Modify Files Or Directories Gain Privileges Or Assume Identity Execute Unauthorized Code Or Commands
Applicable Platforms
Technologies: Database Server, Not Technology-Specific, Web Server
Likelihood of Exploit: High
View CWE Details
Operating System

Sonicos by Sonicwall

Product Information
Vendor Sonicwall
Product Sonicos
Version 6.5.1.9-4n
cpe:2.3:o:sonicwall:sonicos:6.5.1.9-4n:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System

Sonicos by Sonicwall

Product Information
Vendor Sonicwall
Product Sonicos
Version 6.5.3.3-3n
cpe:2.3:o:sonicwall:sonicos:6.5.3.3-3n:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System

Sonicosv by Sonicwall

Product Information
Vendor Sonicwall
Product Sonicosv
Version 6.5.0.2.8v
cpe:2.3:o:sonicwall:sonicosv:6.5.0.2.8v:rc363:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System

Sonicosv by Sonicwall

Product Information
Vendor Sonicwall
Product Sonicosv
Version 6.5.0.2.8v
cpe:2.3:o:sonicwall:sonicosv:6.5.0.2.8v:rc368:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System

Sonicos by Sonicwall

Product Information
Vendor Sonicwall
Product Sonicos
Version 6.4.1.0-3n
cpe:2.3:o:sonicwall:sonicos:6.4.1.0-3n:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System

Sonicos by Sonicwall

Product Information
Vendor Sonicwall
Product Sonicos
Version 6.5.2.3-4n
cpe:2.3:o:sonicwall:sonicos:6.5.2.3-4n:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System

Sonicos by Sonicwall

Product Information
Vendor Sonicwall
Product Sonicos
Version Range Affected
To 5.9.1.12-4o (inclusive)
cpe:2.3:o:sonicwall:sonicos:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System

Sonicos by Sonicwall

Product Information
Vendor Sonicwall
Product Sonicos
Version 6.2.7.10-3n
cpe:2.3:o:sonicwall:sonicos:6.2.7.10-3n:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System

Sonicos by Sonicwall

Product Information
Vendor Sonicwall
Product Sonicos
Version 6.2.7.4-32n
cpe:2.3:o:sonicwall:sonicos:6.2.7.4-32n:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System

Sonicosv by Sonicwall

Product Information
Vendor Sonicwall
Product Sonicosv
Version 6.5.0.2.8v
cpe:2.3:o:sonicwall:sonicosv:6.5.0.2.8v:rc367:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System

Sonicosv by Sonicwall

Product Information
Vendor Sonicwall
Product Sonicosv
Version 6.5.0.2.8v
cpe:2.3:o:sonicwall:sonicosv:6.5.0.2.8v:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System

Sonicosv by Sonicwall

Product Information
Vendor Sonicwall
Product Sonicosv
Version 6.5.0.2.8v
cpe:2.3:o:sonicwall:sonicosv:6.5.0.2.8v:rc366:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System

Sonicos by Sonicwall

Product Information
Vendor Sonicwall
Product Sonicos
Version 6.5.1.4-4n
cpe:2.3:o:sonicwall:sonicos:6.5.1.4-4n:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-…
Vendor Advisory
https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0012
https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-…
Vendor Advisory
https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0012