CVE-2019-7487

Installation of the SonicOS SSLVPN NACagent 3.5 on the Windows operating system, an autorun value is created does not put the path in quotes, so if a malicious binary by an attacker within the parent path could allow code execution.

CVSS v3 7.8 HIGH
CVSS v2.0 4.6 MEDIUM

7.8^/10

CVSS v3 : HIGH

Vector :

Exploitability : 1.8 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

4.6^/10

CVSS v2.0 : MEDIUM

Vector : AV:L/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 3.9 / Impact : 6.4

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0022	Vendor Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:o:sonicwall:sonicos:*:*:*:*:*:*:*:*

Configuration 2 (hide)

AND

cpe:2.3:a:sonicwall:sonicos_sslvpn_nacagent:3.5:*:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*

History

No history.

Information

Published : 2019-12-19 01:15

Updated : 2024-02-04 20:39

NVD link : CVE-2019-7487

Mitre link : CVE-2019-7487

CVE.ORG link : CVE-2019-7487

JSON object : View

Products Affected

sonicwall

sonicos_sslvpn_nacagent
sonicos

microsoft

windows

CWE

CWE-428

Unquoted Search Path or Element

{"id": "CVE-2019-7487", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.6, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 3.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.8}]}, "published": "2019-12-19T01:15:11.133", "references": [{"url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0022", "tags": ["Vendor Advisory"], "source": "PSIRT@sonicwall.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-428"}]}, {"type": "Secondary", "source": "PSIRT@sonicwall.com", "description": [{"lang": "en", "value": "CWE-428"}]}], "descriptions": [{"lang": "en", "value": "Installation of the SonicOS SSLVPN NACagent 3.5 on the Windows operating system, an autorun value is created does not put the path in quotes, so if a malicious binary by an attacker within the parent path could allow code execution."}, {"lang": "es", "value": "La instalaci\u00f3n de SonicOS SSLVPN NACagent versi\u00f3n 3.5 en el sistema operativo Windows, un valor autorun se crea sin poner la ruta entre comillas, por lo que si un binario malicioso se introduce en la ruta principal por parte de un atacante, podr\u00eda permitir una ejecuci\u00f3n de c\u00f3digo."}], "lastModified": "2020-01-08T18:38:30.087", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:sonicwall:sonicos:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "83EB3E0C-43F1-4C3C-9B1D-40F2F0FB3C6C", "versionEndIncluding": "6.5.3.3"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:sonicwall:sonicos_sslvpn_nacagent:3.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "AA6C0F7B-0302-4EC1-8B88-27DA8DD4B1DB"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "PSIRT@sonicwall.com"}