CVE-2019-7474
First published: Tue Apr 02 2019(Updated: )
A vulnerability in SonicWall SonicOS and SonicOSv, allow authenticated read-only admin to leave the firewall in an unstable state by downloading certificate with specific extension. This vulnerability affected SonicOS Gen 5 version 5.9.1.10 and earlier, Gen 6 version 6.2.7.3, 6.5.1.3, 6.5.2.2, 6.5.3.1, 6.2.7.8, 6.4.0.0, 6.5.1.8, 6.0.5.3-86o and SonicOSv 6.5.0.2-8v_RC363 (VMWARE), 6.5.0.2.8v_RC367 (AZURE), SonicOSv 6.5.0.2.8v_RC368 (AWS), SonicOSv 6.5.0.2.8v_RC366 (HYPER_V).
Credit: PSIRT@sonicwall.com PSIRT@sonicwall.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| SonicWall SonicOS | <=5.9.1.10 | |
| SonicWall SonicOS | =6.0.5.3-86o | |
| SonicWall SonicOS | =6.2.7.3 | |
| SonicWall SonicOS | =6.2.7.8 | |
| SonicWall SonicOS | =6.4.0.0 | |
| SonicWall SonicOS | =6.5.1.3 | |
| SonicWall SonicOS | =6.5.1.8 | |
| SonicWall SonicOS | =6.5.2.2 | |
| SonicWall SonicOS | =6.5.3.1 | |
| SonicWall SonicOSv for VMWARE | =6.5.0.2-8v_rc363 | |
| SonicWall SonicOSv HYPER-V | =6.5.0.2.8v_rc366 | |
| SonicWall SonicOSv | =6.5.0.2.8v_rc367 | |
| SonicWall SonicOSv | =6.5.0.2.8v_rc368 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is vulnerability CVE-2019-7474?
Vulnerability CVE-2019-7474 is a vulnerability in SonicWall SonicOS and SonicOSv that allows an authenticated read-only admin to leave the firewall in an unstable state by downloading a certificate with a specific extension.
Which versions of SonicOS are affected by CVE-2019-7474?
SonicOS Gen 5 version 5.9.1.10 and earlier, Gen 6 version 6.2.7.3, 6.5.1.3, 6.5.2.2, 6.5.3, and SonicOSv version 6.5.0.2-8v_rc363, 6.5.0.2.8v_rc366, 6.5.0.2.8v_rc367, and 6.5.0.2.8v_rc368 are affected by CVE-2019-7474.
What is the severity of vulnerability CVE-2019-7474?
The severity of vulnerability CVE-2019-7474 is medium with a severity value of 6.5.
How can I fix vulnerability CVE-2019-7474?
Apply the necessary patches and updates provided by SonicWall to fix vulnerability CVE-2019-7474.
Where can I find more information about vulnerability CVE-2019-7474?
You can find more information about vulnerability CVE-2019-7474 on the SonicWall PSIRT website: [https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0001](https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0001)
- agent/weakness
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/references
- agent/severity
- agent/description
- agent/first-publish-date
- agent/author
- agent/last-modified-date
- agent/event
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- collector/nvd-index
- vendor/sonicwall
- canonical/sonicwall sonicos ssl vpn nac agent
- version/sonicwall sonicos ssl vpn nac agent/5.9.1.10
- version/sonicwall sonicos ssl vpn nac agent/6.0.5.3-86o
- version/sonicwall sonicos ssl vpn nac agent/6.2.7.3
- version/sonicwall sonicos ssl vpn nac agent/6.2.7.8
- version/sonicwall sonicos ssl vpn nac agent/6.4.0.0
- version/sonicwall sonicos ssl vpn nac agent/6.5.1.3
- version/sonicwall sonicos ssl vpn nac agent/6.5.1.8
- version/sonicwall sonicos ssl vpn nac agent/6.5.2.2
- version/sonicwall sonicos ssl vpn nac agent/6.5.3.1
- canonical/sonicwall sonicosv for vmware
- version/sonicwall sonicosv for vmware/6.5.0.2-8v_rc363
- canonical/sonicwall sonicosv hyper-v
- version/sonicwall sonicosv hyper-v/6.5.0.2.8v_rc366
- canonical/sonicwall sonicosv
- version/sonicwall sonicosv/6.5.0.2.8v_rc367
- version/sonicwall sonicosv/6.5.0.2.8v_rc368