CVE-2019-7479

Published Dec 31, 2019

Last updated 4 years ago

CVSS high 7.2

Overview

Description: A vulnerability in SonicOS allow authenticated read-only admin can elevate permissions to configuration mode. This vulnerability affected SonicOS Gen 5 version 5.9.1.12-4o and earlier, Gen 6 version 6.2.7.4-32n, 6.5.1.4-4n, 6.5.2.3-4n, 6.5.3.3-3n, 6.2.7.10-3n, 6.4.1.0-3n, 6.5.3.3-3n, 6.5.1.9-4n and SonicOSv 6.5.0.2-8v_RC363 (VMWARE), 6.5.0.2.8v_RC367 (AZURE), SonicOSv 6.5.0.2.8v_RC368 (AWS), SonicOSv 6.5.0.2.8v_RC366 (HYPER_V).
Source: PSIRT@sonicwall.com
NVD status: Analyzed

Risk scores

CVSS 3.1

Type: Primary
Base score: 7.2
Impact score: 5.9
Exploitability score: 1.2
Vector string: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Severity: HIGH

CVSS 2.0

Type: Primary
Base score: 6.5
Impact score: 6.4
Exploitability score: 8
Vector string: AV:N/AC:L/Au:S/C:P/I:P/A:P

Weaknesses

nvd@nist.gov: CWE-269
PSIRT@sonicwall.com: CWE-285

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:sonicwall:sonicos:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "62BC517C-4BA4-4D24-AF37-2FE354DCA3CE",
            "versionEndIncluding": "5.9.1.12-4o"
          },
          {
            "criteria": "cpe:2.3:o:sonicwall:sonicos:6.2.7.4-32n:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "AFA04B64-0DA3-4076-A186-2F258F5D14FD"
          },
          {
            "criteria": "cpe:2.3:o:sonicwall:sonicos:6.2.7.10-3n:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7365C8A2-F8E1-4DE0-B90B-0F2AC7AFC43D"
          },
          {
            "criteria": "cpe:2.3:o:sonicwall:sonicos:6.4.1.0-3n:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3D43E2BE-498C-4381-BFD6-6568C87A03E4"
          },
          {
            "criteria": "cpe:2.3:o:sonicwall:sonicos:6.5.1.4-4n:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E28195F5-7991-4E1A-9BE9-79C099A0C861"
          },
          {
            "criteria": "cpe:2.3:o:sonicwall:sonicos:6.5.1.9-4n:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "01BBACC9-F422-409D-940C-906D28EC1ACA"
          },
          {
            "criteria": "cpe:2.3:o:sonicwall:sonicos:6.5.2.3-4n:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5F97116C-82E9-4574-8566-B88DFD312200"
          },
          {
            "criteria": "cpe:2.3:o:sonicwall:sonicos:6.5.3.3-3n:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3797E36F-8DF2-4877-A188-891B13956008"
          },
          {
            "criteria": "cpe:2.3:o:sonicwall:sonicosv:6.5.0.2.8v:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "DB0AAA39-58B7-4A37-8ED4-686449F78646"
          },
          {
            "criteria": "cpe:2.3:o:sonicwall:sonicosv:6.5.0.2.8v:rc363:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "383D9E6C-9062-4007-9DDD-BCA01ABBC3CD"
          },
          {
            "criteria": "cpe:2.3:o:sonicwall:sonicosv:6.5.0.2.8v:rc366:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E243FA37-F3C3-45DC-9318-D2A6B2858A6D"
          },
          {
            "criteria": "cpe:2.3:o:sonicwall:sonicosv:6.5.0.2.8v:rc367:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C9435A4D-9AC1-44D9-9C41-24D8F7729C38"
          },
          {
            "criteria": "cpe:2.3:o:sonicwall:sonicosv:6.5.0.2.8v:rc368:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3A6AA5A9-B5DA-4CF0-ACA5-6E79180CBDE5"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 3.1

CVSS 2.0

Weaknesses

Social media

Configurations

References