CVE-2019-7477
First published: Tue Apr 02 2019(Updated: )
A vulnerability in SonicWall SonicOS and SonicOSv TLS CBC Cipher allow remote attackers to obtain sensitive plaintext data when CBC cipher suites are enabled. This vulnerability affected SonicOS Gen 5 version 5.9.1.10 and earlier, Gen 6 version 6.2.7.3, 6.5.1.3, 6.5.2.2, 6.5.3.1, 6.2.7.8, 6.4.0.0, 6.5.1.8, 6.0.5.3-86o and SonicOSv 6.5.0.2-8v_RC363 (VMWARE), 6.5.0.2.8v_RC367 (AZURE), SonicOSv 6.5.0.2.8v_RC368 (AWS), SonicOSv 6.5.0.2.8v_RC366 (HYPER_V).
Credit: PSIRT@sonicwall.com PSIRT@sonicwall.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| SonicWall SonicOS | <=5.9.1.10 | |
| SonicWall SonicOS | =6.0.5.3-86o | |
| SonicWall SonicOS | =6.2.7.3 | |
| SonicWall SonicOS | =6.2.7.8 | |
| SonicWall SonicOS | =6.4.0.0 | |
| SonicWall SonicOS | =6.5.1.3 | |
| SonicWall SonicOS | =6.5.1.8 | |
| SonicWall SonicOS | =6.5.2.2 | |
| SonicWall SonicOS | =6.5.3.1 | |
| SonicWall SonicOSv for VMWARE | =6.5.0.2-8v_rc363 | |
| SonicWall SonicOSv HYPER-V | =6.5.0.2.8v_rc366 | |
| SonicWall SonicOSv AZURE | =6.5.0.2.8v_rc367 | |
| SonicWall SonicOSv AWS | =6.5.0.2.8v_rc368 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the vulnerability CVE-2019-7477?
CVE-2019-7477 is a vulnerability in SonicWall SonicOS and SonicOSv TLS CBC Cipher that allows remote attackers to obtain sensitive plaintext data when CBC cipher suites are enabled.
Which versions of SonicWall SonicOS are affected by CVE-2019-7477?
SonicOS Gen 5 version 5.9.1.10 and earlier, Gen 6 versions 6.2.7.3, 6.5.1.3, 6.5.2.2, 6.5.3.1, 6.2.7.8, 6.4.0.0, and 6.5.1.8 are affected by CVE-2019-7477.
What is the severity of CVE-2019-7477?
The severity of CVE-2019-7477 is high, with a severity value of 7.5.
How can I fix the vulnerability CVE-2019-7477?
To fix the vulnerability, update SonicOS to a version that is not affected by CVE-2019-7477.
Where can I find more information about CVE-2019-7477?
You can find more information about CVE-2019-7477 at the following link: [https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0003](https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0003)
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/weakness
- agent/references
- agent/description
- agent/first-publish-date
- agent/author
- agent/last-modified-date
- agent/event
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- vendor/sonicwall
- canonical/sonicwall sonicos
- version/sonicwall sonicos/5.9.1.10
- version/sonicwall sonicos/6.0.5.3-86o
- version/sonicwall sonicos/6.2.7.3
- version/sonicwall sonicos/6.2.7.8
- version/sonicwall sonicos/6.4.0.0
- version/sonicwall sonicos/6.5.1.3
- version/sonicwall sonicos/6.5.1.8
- version/sonicwall sonicos/6.5.2.2
- version/sonicwall sonicos/6.5.3.1
- canonical/sonicwall sonicosv for vmware
- version/sonicwall sonicosv for vmware/6.5.0.2-8v_rc363
- canonical/sonicwall sonicosv hyper-v
- version/sonicwall sonicosv hyper-v/6.5.0.2.8v_rc366
- canonical/sonicwall sonicosv azure
- version/sonicwall sonicosv azure/6.5.0.2.8v_rc367
- canonical/sonicwall sonicosv aws
- version/sonicwall sonicosv aws/6.5.0.2.8v_rc368