CVE-2018-9867
First published: Tue Feb 19 2019(Updated: )
In SonicWall SonicOS, administrators without full permissions can download imported certificates. Occurs when administrators who are not in the SonicWall Administrators user group attempt to download imported certificates. This vulnerability affected SonicOS Gen 5 version 5.9.1.10 and earlier, Gen 6 version 6.2.7.3, 6.5.1.3, 6.5.2.2, 6.5.3.1, 6.2.7.8, 6.4.0.0, 6.5.1.8, 6.0.5.3-86o and SonicOSv 6.5.0.2-8v_RC363 (VMWARE), 6.5.0.2.8v_RC367 (AZURE), SonicOSv 6.5.0.2.8v_RC368 (AWS), SonicOSv 6.5.0.2.8v_RC366 (HYPER_V).
Credit: PSIRT@sonicwall.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| SonicWall SonicOS | >=5.0.0.0<=5.9.1.10 | |
| SonicWall SonicOS | =6.0.5.3-86o | |
| SonicWall SonicOS | =6.2.7.3 | |
| SonicWall SonicOS | =6.2.7.8 | |
| SonicWall SonicOS | =6.4.0.0 | |
| SonicWall SonicOS | =6.5.1.3 | |
| SonicWall SonicOS | =6.5.1.8 | |
| SonicWall SonicOS | =6.5.2.2 | |
| SonicWall SonicOS | =6.5.3.1 | |
| Sonicwall Sonicosv | =6.5.0.2-8v_rc363 | |
| Sonicwall Sonicosv | =6.5.0.2.8v_rc366 | |
| Sonicwall Sonicosv | =6.5.0.2.8v_rc367 | |
| Sonicwall Sonicosv | =6.5.0.2.8v_rc368 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for this SonicWall SonicOS vulnerability?
The vulnerability ID for this SonicWall SonicOS vulnerability is CVE-2018-9867.
Who is affected by this vulnerability?
Administrators without full permissions in SonicWall SonicOS are affected by this vulnerability.
Which versions of SonicOS are affected by this vulnerability?
SonicOS Gen 5 version 5.9.1.10 and earlier, Gen 6 version 6.0.5.3-86o, 6.2.7.3, 6.2.7.8, 6.4.0.0, 6.5.1.3, 6.5.1.8, 6.5.2.2, and 6.5.3.1 are affected by this vulnerability.
What is the severity rating of this vulnerability?
The severity rating of this vulnerability is medium, with a severity value of 5.5.
How can I protect myself from this vulnerability?
To protect yourself from this vulnerability, ensure that administrators without full permissions are not allowed to download imported certificates in SonicWall SonicOS.
- collector/nvd-index
- agent/references
- agent/softwarecombine
- agent/type
- agent/weakness
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/last-modified-date
- agent/author
- agent/event
- agent/tags
- agent/description
- agent/first-publish-date
- vendor/sonicwall
- canonical/sonicwall sonicos
- version/sonicwall sonicos/5.0.0.0
- version/sonicwall sonicos/5.9.1.10
- version/sonicwall sonicos/6.0.5.3-86o
- version/sonicwall sonicos/6.2.7.3
- version/sonicwall sonicos/6.2.7.8
- version/sonicwall sonicos/6.4.0.0
- version/sonicwall sonicos/6.5.1.3
- version/sonicwall sonicos/6.5.1.8
- version/sonicwall sonicos/6.5.2.2
- version/sonicwall sonicos/6.5.3.1
- canonical/sonicwall sonicosv
- version/sonicwall sonicosv/6.5.0.2-8v_rc363
- version/sonicwall sonicosv/6.5.0.2.8v_rc366
- version/sonicwall sonicosv/6.5.0.2.8v_rc367
- version/sonicwall sonicosv/6.5.0.2.8v_rc368