CVE-2019-7487

Name of the Vulnerable Software and Affected Versions SonicOS SSLVPN NACagent version 3.5

Description The issue arises during the installation of the SonicOS SSLVPN NACagent on the Windows operating system. An autorun value is created without quotes around the path, which could allow a malicious binary placed by an attacker within the parent path to execute code.

Recommendations For SonicOS SSLVPN NACagent version 3.5, consider manually adding quotes around the path in the autorun value to prevent potential code execution by malicious binaries. As a temporary workaround, restrict access to the parent path to minimize the risk of exploitation.