First published: Tue Apr 02 2019
A vulnerability in SonicWall SonicOS and SonicOSv allows an authenticated read-only admin to leave the firewall in an unstable state by downloading a certificate with a specific extension. This vulnerability affected SonicOS Gen 5 version 5.9.1.10 and earlier, Gen 6 version 6.2.7.3, 6.5.1.3, 6.5.2.2, 6.5.3.1, 6.2.7.8, 6.4.0.0, 6.5.1.8, 6.0.5.3-86o and SonicOSv 6.5.0.2-8v_RC363 (VMWARE), 6.5.0.2.8v_RC367 (AZURE), SonicOSv 6.5.0.2.8v_RC368 (AWS), SonicOSv 6.5.0.2.8v_RC366 (HYPER_V).
Credit: PSIRT@sonicwall.com
Affected Software | Affected Version | How to fix |
---|---|---|
SonicWall SonicOS | <=5.9.1.10 | |
SonicWall SonicOS | =6.0.5.3-86o | |
SonicWall SonicOS | =6.2.7.3 | |
SonicWall SonicOS | =6.2.7.8 | |
SonicWall SonicOS | =6.4.0.0 | |
SonicWall SonicOS | =6.5.1.3 | |
SonicWall SonicOS | =6.5.1.8 | |
SonicWall SonicOS | =6.5.2.2 | |
SonicWall SonicOS | =6.5.3.1 | |
SonicWall SonicOSv | =6.5.0.2-8v_rc363 | |
SonicWall SonicOSv | =6.5.0.2.8v_rc366 | |
SonicWall SonicOSv | =6.5.0.2.8v_rc367 | |
SonicWall SonicOSv | =6.5.0.2.8v_rc368 | |
CVE-2019-7474 is a vulnerability in SonicWall SonicOS and SonicOSv that allows an authenticated read-only admin to leave the firewall in an unstable state by downloading a certificate with a specific extension.
SonicOS Gen 5 version 5.9.1.10 and earlier, Gen 6 version 6.2.7.3, 6.5.1.3, 6.5.2.2, 6.5.3, and SonicOSv version 6.5.0.2-8v_rc363, 6.5.0.2.8v_rc366, 6.5.0.2.8v_rc367, and 6.5.0.2.8v_rc368 are affected by CVE-2019-7474.
The severity of vulnerability CVE-2019-7474 is medium with a severity value of 6.5.
Apply the necessary patches and updates provided by SonicWall to fix vulnerability CVE-2019-7474.
You can find more information about vulnerability CVE-2019-7474 on the SonicWall PSIRT website: [https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0001](https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0001)