Vulnerability in SonicWall SonicOS and SonicOSv Affects Advanced Routing Services
CVE-2019-7475

9.8CRITICAL

Key Information:

Vendor: Sonicwall
Status: Sonicos; Sonicosv
Vendor: CVE Published:; 2 April 2019

Summary

A vulnerability exists in SonicWall SonicOS and SonicOSv that allows an unprivileged user to gain unauthorized access to advanced routing services. This situation arises when management is enabled, leading to potential exposure of sensitive configurations. The vulnerability impacts multiple versions of SonicOS, particularly within the Gen 5 and Gen 6 lines, as well as various SonicOSv virtual environments. Users are advised to review their configurations and apply relevant security measures to mitigate risks associated with this vulnerability.

Affected Version(s)

SonicOS 5.9.1.10 and earlier

SonicOS 6.2.7.3

SonicOS 6.5.1.3

References

https://psirt.global.sonicwall.com/vuln-detail/SNWLID-201...

x_refsource_CONFIRM

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Apr 2, 2019
Vulnerability Reserved
Feb 6, 2019