CVE Vulnerabilities

CVE-2019-7474

Improper Handling of Exceptional Conditions

Published: Apr 02, 2019 | Modified: Oct 06, 2020
CVSS 3.x
6.5
MEDIUM
Source:
NVD
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CVSS 2.x
4 MEDIUM
AV:N/AC:L/Au:S/C:N/I:N/A:P
RedHat/V2
RedHat/V3
Ubuntu

A vulnerability in SonicWall SonicOS and SonicOSv, allow authenticated read-only admin to leave the firewall in an unstable state by downloading certificate with specific extension. This vulnerability affected SonicOS Gen 5 version 5.9.1.10 and earlier, Gen 6 version 6.2.7.3, 6.5.1.3, 6.5.2.2, 6.5.3.1, 6.2.7.8, 6.4.0.0, 6.5.1.8, 6.0.5.3-86o and SonicOSv 6.5.0.2-8v_RC363 (VMWARE), 6.5.0.2.8v_RC367 (AZURE), SonicOSv 6.5.0.2.8v_RC368 (AWS), SonicOSv 6.5.0.2.8v_RC366 (HYPER_V).

Weakness

The product does not handle or incorrectly handles an exceptional condition.

Affected Software

Name Vendor Start Version End Version
Sonicos Sonicwall * 5.9.1.10 (including)
Sonicos Sonicwall 6.0.5.3-86o (including) 6.0.5.3-86o (including)
Sonicos Sonicwall 6.2.7.3 (including) 6.2.7.3 (including)
Sonicos Sonicwall 6.2.7.8 (including) 6.2.7.8 (including)
Sonicos Sonicwall 6.4.0.0 (including) 6.4.0.0 (including)
Sonicos Sonicwall 6.5.1.3 (including) 6.5.1.3 (including)
Sonicos Sonicwall 6.5.1.8 (including) 6.5.1.8 (including)
Sonicos Sonicwall 6.5.2.2 (including) 6.5.2.2 (including)
Sonicos Sonicwall 6.5.3.1 (including) 6.5.3.1 (including)
Sonicosv Sonicwall 6.5.0.2-8v_rc363 (including) 6.5.0.2-8v_rc363 (including)
Sonicosv Sonicwall 6.5.0.2.8v_rc366 (including) 6.5.0.2.8v_rc366 (including)
Sonicosv Sonicwall 6.5.0.2.8v_rc367 (including) 6.5.0.2.8v_rc367 (including)
Sonicosv Sonicwall 6.5.0.2.8v_rc368 (including) 6.5.0.2.8v_rc368 (including)

References