PT-2019-18620 · Sonicwall · Sonicos+1
Publicado
2019-04-02
·
Atualizado
2019-10-09
·
CVE-2019-7477
CVSS v3.1
7.5
Alta
| Vetor | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
SonicWall SonicOS versions prior to 5.9.1.10
SonicWall SonicOS Gen 6 versions 6.2.7.3, 6.5.1.3, 6.5.2.2, 6.5.3.1, 6.2.7.8, 6.4.0.0, 6.5.1.8, 6.0.5.3-86o
SonicWall SonicOSv versions 6.5.0.2-8v RC363, 6.5.0.2.8v RC367, 6.5.0.2.8v RC368, 6.5.0.2.8v RC366
Description
A vulnerability in SonicWall SonicOS and SonicOSv TLS CBC Cipher allows remote attackers to obtain sensitive plaintext data when CBC cipher suites are enabled.
Recommendations
For SonicWall SonicOS versions prior to 5.9.1.10, update to a version later than 5.9.1.10.
For SonicWall SonicOS Gen 6 versions 6.2.7.3, 6.5.1.3, 6.5.2.2, 6.5.3.1, 6.2.7.8, 6.4.0.0, 6.5.1.8, 6.0.5.3-86o, update to a version that is not affected by this vulnerability.
For SonicWall SonicOSv versions 6.5.0.2-8v RC363, 6.5.0.2.8v RC367, 6.5.0.2.8v RC368, 6.5.0.2.8v RC366, update to a version that is not affected by this vulnerability.
As a temporary workaround, consider disabling CBC cipher suites until a patch is available.
Correção
Use of a Broken Cryptographic Algorithm
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Sonicos
Sonicos Gen 6