CVE-2018-9867

CVSS 5.5 - MEDIUM
Description

In SonicWall SonicOS, administrators without full permissions can download imported certificates. Occurs when administrators who are not in the SonicWall Administrators user group attempt to download imported certificates. This vulnerability affected SonicOS Gen 5 version 5.9.1.10 and earlier, Gen 6 version 6.2.7.3, 6.5.1.3, 6.5.2.2, 6.5.3.1, 6.2.7.8, 6.4.0.0, 6.5.1.8, 6.0.5.3-86o and SonicOSv 6.5.0.2-8v_RC363 (VMWARE), 6.5.0.2.8v_RC367 (AZURE), SonicOSv 6.5.0.2.8v_RC368 (AWS), SonicOSv 6.5.0.2.8v_RC366 (HYPER_V).

Affected Products
13
Vendor Product Version
sonicwall sonicos All versions
sonicwall sonicos 6.0.5.3-86o
sonicwall sonicos 6.2.7.3
sonicwall sonicos 6.2.7.8
sonicwall sonicos 6.4.0.0
sonicwall sonicos 6.5.1.3
sonicwall sonicos 6.5.1.8
sonicwall sonicos 6.5.2.2
sonicwall sonicos 6.5.3.1
sonicwall sonicosv 6.5.0.2-8v_rc363
sonicwall sonicosv 6.5.0.2.8v_rc366
sonicwall sonicosv 6.5.0.2.8v_rc367
sonicwall sonicosv 6.5.0.2.8v_rc368
References
https://psirt.global.sonicwall.com/vuln-detail/SNW...
https://www.tenable.com/security/research/tra-2019...
https://psirt.global.sonicwall.com/vuln-detail/SNW...
https://www.tenable.com/security/research/tra-2019...
Weakness Types
CWE-285 CWE-732
CVE Information
CVE ID:
CVE-2018-9867
Published:
2019-02-19
Modified:
2024-11-21
CVSS Score:
5.5
Severity:
MEDIUM
Vector:
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Affected Vendors
sonicwall
Quick Actions
View on NVD Find Similar CVEs
CVSS Severity Scale
0.0 - 3.9 LOW
4.0 - 6.9 MEDIUM
7.0 - 8.9 HIGH
9.0 - 10.0 CRITICAL