CVE-2019-7476

Published: Apr 26, 2019Modified: Nov 21, 2024

8.1

Vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 2.2 / Impact: 5.9

Source: NVD

Description

A vulnerability in SonicWall Global Management System (GMS), allow a remote user to gain access to the appliance using existing SSH key. This vulnerability affects GMS versions 9.1, 9.0, 8.7, 8.6, 8.4, 8.3 and earlier.

Affected (6)

Products: Sonicwall: Global Management System

Sonicwall

1 product

Global Management System

Configuration A

6 vulnerable

Vulnerable Software	Affected Versions
Sonicwall Global Management System	Up to 8.3
Sonicwall Global Management System	Version 8.4
Sonicwall Global Management System	Version 8.6
Sonicwall Global Management System	Version 8.7
Sonicwall Global Management System	Version 9.0
Sonicwall Global Management System	Version 9.1

Related CWEs

CWE-1188

Initialization of a Resource with an Insecure Default

The product initializes or sets a resource with a default that is intended to be changed by the administrator, but the default is not secure.

CWE-284

Improper Access Control

The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

References (2)

https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0004

Source: PSIRT@sonicwall.com

Vendor Advisory

https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0004

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.