Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2018-9867

In SonicWall SonicOS, administrators without full permissions can download imported certificates. Occurs when administrators who are not in the SonicWall Administrators user group attempt to download imported certificates. This vulnerability affected SonicOS Gen 5 version 5.9.1.10 and earlier, Gen 6 version 6.2.7.3, 6.5.1.3, 6.5.2.2, 6.5.3.1, 6.2.7.8, 6.4.0.0, 6.5.1.8, 6.0.5.3-86o and SonicOSv 6.5.0.2-8v_RC363 (VMWARE), 6.5.0.2.8v_RC367 (AZURE), SonicOSv 6.5.0.2.8v_RC368 (AWS), SonicOSv 6.5.0.2.8v_RC366 (HYPER_V).

Published

2019-02-19T21:29:00.320

Last Modified

2024-11-21T04:15:50.300

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 5.5 (MEDIUM)

CVSSv2 Vector

AV:L/AC:L/Au:N/C:P/I:N/A:N

  • Access Vector: LOCAL
  • Access Complexity: LOW
  • Authentication: NONE
  • Confidentiality Impact: PARTIAL
  • Integrity Impact: NONE
  • Availability Impact: NONE
Exploitability Score

3.9

Impact Score

2.9

Weaknesses
  • Type: Secondary
    CWE-285
  • Type: Primary
    CWE-732
Affected Vendors & Products
Type Vendor Product Version/Range Vulnerable?
Operating System sonicwall sonicos ≤ 5.9.1.10 Yes
Operating System sonicwall sonicos 6.0.5.3-86o Yes
Operating System sonicwall sonicos 6.2.7.3 Yes
Operating System sonicwall sonicos 6.2.7.8 Yes
Operating System sonicwall sonicos 6.4.0.0 Yes
Operating System sonicwall sonicos 6.5.1.3 Yes
Operating System sonicwall sonicos 6.5.1.8 Yes
Operating System sonicwall sonicos 6.5.2.2 Yes
Operating System sonicwall sonicos 6.5.3.1 Yes
Operating System sonicwall sonicosv 6.5.0.2-8v_rc363 Yes
Operating System sonicwall sonicosv 6.5.0.2.8v_rc366 Yes
Operating System sonicwall sonicosv 6.5.0.2.8v_rc367 Yes
Operating System sonicwall sonicosv 6.5.0.2.8v_rc368 Yes
References