PT-2019-11174 · Sonicwall · Sonicos+1

Published: 2019-02-19 · Updated: 2022-06-16 · CVE-2018-9867

CVSS v3.1: 5.5 (Medium)
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions:
SonicWall SonicOS versions prior to 5.9.1.10
SonicWall SonicOS Gen 6 versions 6.2.7.3, 6.5.1.3, 6.5.2.2, 6.5.3.1, 6.2.7.8, 6.4.0.0, 6.5.1.8, 6.0.5.3-86o
SonicOSv versions 6.5.0.2-8v RC363, 6.5.0.2.8v RC367, 6.5.0.2.8v RC368, 6.5.0.2.8v RC366
Description: The issue allows administrators without full permissions to download imported certificates. This occurs when administrators who are not in the SonicWall Administrators user group attempt to download imported certificates.
Recommendations: For SonicWall SonicOS versions prior to 5.9.1.10, update to a version later than 5.9.1.10. For SonicWall SonicOS Gen 6 versions 6.2.7.3, 6.5.1.3, 6.5.2.2, 6.5.3.1, 6.2.7.8, 6.4.0.0, 6.5.1.8, 6.0.5.3-86o, update to a version that is not listed as affected. For SonicOSv versions 6.5.0.2-8v RC363, 6.5.0.2.8v RC367, 6.5.0.2.8v RC368, 6.5.0.2.8v RC366, update to a version that is not listed as affected. As a temporary workaround, consider restricting access to certificate downloads for administrators without full permissions.

Fix

Incorrect Permission

Improper Authorization

Weakness Enumeration

Related Identifiers

CVE-2018-9867

Affected Products

Sonicos
Sonicos Gen 6