CVE-2019-7485

Published: Dec 19, 2019Modified: Nov 21, 2024

8.8

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 2.8 / Impact: 5.9

Source: NVD

Description

Buffer overflow in SonicWall SMA100 allows an authenticated user to execute arbitrary code in DEARegister CGI script. This vulnerability impacted SMA100 version 9.0.0.3 and earlier.

Affected (1)

Products: Sonicwall: Sma 100 Firmware

Sonicwall

1 product

Sma 100 Firmware

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Sonicwall Sma 100 Firmware	Up to 9.0.0.3

Running on/with	Platform Versions
Sonicwall Sma 100	All versions

Related CWEs

CWE-120

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer, leading to a buffer overflow.

References (2)

https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0020

Source: PSIRT@sonicwall.com

Vendor Advisory

https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0020

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.