Unrated severityNVD Advisory· Published Feb 19, 2019· Updated Aug 5, 2024
CVE-2018-9867
CVE-2018-9867
Description
In SonicWall SonicOS, administrators without full permissions can download imported certificates. Occurs when administrators who are not in the SonicWall Administrators user group attempt to download imported certificates. This vulnerability affected SonicOS Gen 5 version 5.9.1.10 and earlier, Gen 6 version 6.2.7.3, 6.5.1.3, 6.5.2.2, 6.5.3.1, 6.2.7.8, 6.4.0.0, 6.5.1.8, 6.0.5.3-86o and SonicOSv 6.5.0.2-8v_RC363 (VMWARE), 6.5.0.2.8v_RC367 (AZURE), SonicOSv 6.5.0.2.8v_RC368 (AWS), SonicOSv 6.5.0.2.8v_RC366 (HYPER_V).
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
3Gen 5 <= 5.9.1.10, Gen 6 <= 6.2.7.3 / 6.5.1.3 / 6.5.2.2 / 6.5.3.1 / 6.2.7.8 / 6.4.0.0 / 6.5.1.8 / 6.0.5.3-86o, SonicOSv <= 6.5.0.2-8v_RC363 / 6.5.0.2.8v_RC367 / 6.5.0.2.8v_RC368 / 6.5.0.2.8v_RC366+ 2 more
- (no CPE)range: Gen 5 <= 5.9.1.10, Gen 6 <= 6.2.7.3 / 6.5.1.3 / 6.5.2.2 / 6.5.3.1 / 6.2.7.8 / 6.4.0.0 / 6.5.1.8 / 6.0.5.3-86o, SonicOSv <= 6.5.0.2-8v_RC363 / 6.5.0.2.8v_RC367 / 6.5.0.2.8v_RC368 / 6.5.0.2.8v_RC366
- (no CPE)range: 5.9.1.10 and earlier
- (no CPE)range: 6.5.0.2-8v_RC363 (VMWARE)
Patches
Vulnerability mechanics
References
2- psirt.global.sonicwall.com/vuln-detail/SNWLID-2018-0017mitrex_refsource_CONFIRM
- www.tenable.com/security/research/tra-2019-08mitrex_refsource_MISC
News mentions
0No linked articles in our index yet.