CVE-2018-9867

EPSS 0.2%CWE-285

Vexday Risk Score

3Low

SSVC decision (CISA)

Track

No exploitation signal → monitor

CVSS —EPSS 0.2%KEV nãoPoC —Nuclei —Metasploit —Patch —

Lifecycle

19 Feb 2019Published on NVD

Recommendation: Monitor — no exploitation signal at the moment.

In SonicWall SonicOS, administrators without full permissions can download imported certificates. Occurs when administrators who are not in the SonicWall Administrators user group attempt to download imported certificates. This vulnerability affected SonicOS Gen 5 version 5.9.1.10 and earlier, Gen 6 version 6.2.7.3, 6.5.1.3, 6.5.2.2, 6.5.3.1, 6.2.7.8, 6.4.0.0, 6.5.1.8, 6.0.5.3-86o and SonicOSv 6.5.0.2-8v_RC363 (VMWARE), 6.5.0.2.8v_RC367 (AZURE), SonicOSv 6.5.0.2.8v_RC368 (AWS), SonicOSv 6.5.0.2.8v_RC366 (HYPER_V).

Affected products

SonicWall · SonicOS SonicWall · SonicOSv

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2018-0017 https://www.tenable.com/security/research/tra-2019-08