A vulnerability in SonicOS allow authenticated read-only admin can elevate permissions to configuration mode. This vulnerability affected SonicOS Gen 5 version 5.9.1.12-4o and earlier, Gen 6 version 6.2.7.4-32n, 6.5.1.4-4n, 6.5.2.3-4n, 6.5.3.3-3n, 6.2.7.10-3n, 6.4.1.0-3n, 6.5.3.3-3n, 6.5.1.9-4n and SonicOSv 6.5.0.2-8v_RC363 (VMWARE), 6.5.0.2.8v_RC367 (AZURE), SonicOSv 6.5.0.2.8v_RC368 (AWS), SonicOSv 6.5.0.2.8v_RC366 (HYPER_V).
The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Sonicos | Sonicwall | * | 5.9.1.12-4o (including) |
| Sonicos | Sonicwall | 6.2.7.4-32n (including) | 6.2.7.4-32n (including) |
| Sonicos | Sonicwall | 6.2.7.10-3n (including) | 6.2.7.10-3n (including) |
| Sonicos | Sonicwall | 6.4.1.0-3n (including) | 6.4.1.0-3n (including) |
| Sonicos | Sonicwall | 6.5.1.4-4n (including) | 6.5.1.4-4n (including) |
| Sonicos | Sonicwall | 6.5.1.9-4n (including) | 6.5.1.9-4n (including) |
| Sonicos | Sonicwall | 6.5.2.3-4n (including) | 6.5.2.3-4n (including) |
| Sonicos | Sonicwall | 6.5.3.3-3n (including) | 6.5.3.3-3n (including) |
| Sonicosv | Sonicwall | 6.5.0.2.8v (including) | 6.5.0.2.8v (including) |
| Sonicosv | Sonicwall | 6.5.0.2.8v-rc363 (including) | 6.5.0.2.8v-rc363 (including) |
| Sonicosv | Sonicwall | 6.5.0.2.8v-rc366 (including) | 6.5.0.2.8v-rc366 (including) |
| Sonicosv | Sonicwall | 6.5.0.2.8v-rc367 (including) | 6.5.0.2.8v-rc367 (including) |
| Sonicosv | Sonicwall | 6.5.0.2.8v-rc368 (including) | 6.5.0.2.8v-rc368 (including) |