PT-2019-18618 · Sonicwall · Sonicos+2
Published
2019-04-02
·
Updated
2020-10-06
·
CVE-2019-7475
CVSS v3.1
9.8
Critical
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
SonicOS Gen 5 version 5.9.1.10 and earlier
SonicOS Gen 6 versions 6.0.5.3-86o, 6.2.7.3, 6.2.7.8, 6.4.0.0, 6.5.1.3, 6.5.1.8, 6.5.2.2, 6.5.3.1
SonicOSv versions 6.5.0.2-8v RC363 (VMWARE), 6.5.0.2.8v RC367 (AZURE), 6.5.0.2.8v RC368 (AWS), 6.5.0.2.8v RC366 (HYPER V)
Description
A vulnerability in SonicWall SonicOS and SonicOSv with management enabled system on specific configuration allows an unprivileged user to access advanced routing services.
Recommendations
For SonicOS Gen 5 version 5.9.1.10 and earlier, update to a version later than 5.9.1.10.
For SonicOS Gen 6 versions 6.0.5.3-86o, 6.2.7.3, 6.2.7.8, 6.4.0.0, 6.5.1.3, 6.5.1.8, 6.5.2.2, 6.5.3.1, update to a version later than the listed versions.
For SonicOSv versions 6.5.0.2-8v RC363 (VMWARE), 6.5.0.2.8v RC367 (AZURE), 6.5.0.2.8v RC368 (AWS), 6.5.0.2.8v RC366 (HYPER V), update to a version later than the listed versions.
Fix
Improper Access Control
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Sonicos Gen 5
Sonicos Gen 6
Sonicos