Vulnerability in SonicWall SonicOS Allows Unauthorized Certificate Downloads
CVE-2018-9867
5.5MEDIUM
Summary
A vulnerability exists within SonicWall SonicOS that enables administrators lacking full permissions to download imported certificates. This issue arises when users not designated in the SonicWall Administrators group attempt such actions, potentially exposing sensitive data and compromising network security. This flaw affects multiple versions of SonicOS, making it critical for administrators to evaluate their systems and implement necessary updates to mitigate risks.
Affected Version(s)
SonicOS 5.9.1.10 and earlier
SonicOS 6.2.7.3
SonicOS 6.5.1.3
References
CVSS V3.1
Score:
5.5
Severity:
MEDIUM
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved