CVE-2018-9867

Summary

In SonicWall SonicOS, administrators without full permissions can download imported certificates. Occurs when administrators who are not in the SonicWall Administrators user group attempt to download imported certificates. This vulnerability affected SonicOS Gen 5 version 5.9.1.10 and earlier, Gen 6 version 6.2.7.3, 6.5.1.3, 6.5.2.2, 6.5.3.1, 6.2.7.8, 6.4.0.0, 6.5.1.8, 6.0.5.3-86o and SonicOSv 6.5.0.2-8v_RC363 (VMWARE), 6.5.0.2.8v_RC367 (AZURE), SonicOSv 6.5.0.2.8v_RC368 (AWS), SonicOSv 6.5.0.2.8v_RC366 (HYPER_V).

Affected Software

VendorProductVersion RangeStatus
SonicWallSonicOS5.9.1.10 and earlieraffected
SonicWallSonicOS6.2.7.3affected
SonicWallSonicOS6.5.1.3affected
SonicWallSonicOS6.5.2.2affected
SonicWallSonicOS6.5.3.1affected
SonicWallSonicOS6.2.7.8affected
SonicWallSonicOS6.4.0.0affected
SonicWallSonicOS6.5.1.8affected
SonicWallSonicOS6.0.5.3-86oaffected
SonicWallSonicOSv6.5.0.2-8v_RC363 (VMWARE)affected
SonicWallSonicOSv6.5.0.2.8v_RC367 (AZURE)affected
SonicWallSonicOSv6.5.0.2.8v_RC368 (AWS)affected
SonicWallSonicOSv6.5.0.2.8v_RC366 (HYPER_V)affected

Weaknesses

  • CWE-285: CWE-285: Improper Authorization

ADP Enrichment

CVE Program Container

Additional References

References