CVE-2018-9867
19.02.2019, 21:29
In SonicWall SonicOS, administrators without full permissions can download imported certificates. Occurs when administrators who are not in the SonicWall Administrators user group attempt to download imported certificates. This vulnerability affected SonicOS Gen 5 version 5.9.1.10 and earlier, Gen 6 version 6.2.7.3, 6.5.1.3, 6.5.2.2, 6.5.3.1, 6.2.7.8, 6.4.0.0, 6.5.1.8, 6.0.5.3-86o and SonicOSv 6.5.0.2-8v_RC363 (VMWARE), 6.5.0.2.8v_RC367 (AZURE), SonicOSv 6.5.0.2.8v_RC368 (AWS), SonicOSv 6.5.0.2.8v_RC366 (HYPER_V).Enginsight
| Vendor | Product | Version |
|---|---|---|
| sonicwall | sonicos | 5.0.0.0 ≤ 𝑥 ≤ 5.9.1.10 |
| sonicwall | sonicos | 6.0.5.3-86o |
| sonicwall | sonicos | 6.2.7.3 |
| sonicwall | sonicos | 6.2.7.8 |
| sonicwall | sonicos | 6.4.0.0 |
| sonicwall | sonicos | 6.5.1.3 |
| sonicwall | sonicos | 6.5.1.8 |
| sonicwall | sonicos | 6.5.2.2 |
| sonicwall | sonicos | 6.5.3.1 |
| sonicwall | sonicosv | 6.5.0.2-8v_rc363 |
| sonicwall | sonicosv | 6.5.0.2.8v_rc366:v_rc366 |
| sonicwall | sonicosv | 6.5.0.2.8v_rc367:v_rc367 |
| sonicwall | sonicosv | 6.5.0.2.8v_rc368:v_rc368 |
𝑥
= Vulnerable software versions
Common Weakness Enumeration
- CWE-285 - Improper AuthorizationThe software does not perform or incorrectly performs an authorization check when an actor attempts to access a resource or perform an action.
- CWE-732 - Incorrect Permission Assignment for Critical ResourceThe product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors.