Lucene search

[email protected]NVD:CVE-2019-7486

HistoryDec 19, 2019 - 1:15 a.m.

CVE-2019-7486

2019-12-1901:15:11

CWE-94

[email protected]

web.nvd.nist.gov

CVSS2

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

Confidence

High

EPSS

0.001

Percentile

39.4%

JSON

Code injection in SonicWall SMA100 allows an authenticated user to execute arbitrary code in viewcacert CGI script. This vulnerability impacted SMA100 version 9.0.0.4 and earlier.

Affected configurations

Nvd

Node

sonicwallsma_100_firmwareRange≤9.0.0.4

AND

sonicwallsma_100Match-

VendorProductVersionCPE
sonicwallsma_100_firmware*cpe:2.3:o:sonicwall:sma_100_firmware:*:*:*:*:*:*:*:*
sonicwallsma_100-cpe:2.3:h:sonicwall:sma_100:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
sonicwall	sma_100_firmware	*	cpe:2.3:o:sonicwall:sma_100_firmware::::::::
sonicwall	sma_100	-	cpe:2.3:h:sonicwall:sma_100:-:::::::*

References

psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0021

CVSS2

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

Confidence

High

EPSS

0.001

Percentile

39.4%

JSON

Related for NVD:CVE-2019-7486

prion1 checkpoint_advisories1 cvelist1 cve1