Vulnerability Details CVE-2018-9867
In SonicWall SonicOS, administrators without full permissions can download imported certificates. Occurs when administrators who are not in the SonicWall Administrators user group attempt to download imported certificates. This vulnerability affected SonicOS Gen 5 version 5.9.1.10 and earlier, Gen 6 version 6.2.7.3, 6.5.1.3, 6.5.2.2, 6.5.3.1, 6.2.7.8, 6.4.0.0, 6.5.1.8, 6.0.5.3-86o and SonicOSv 6.5.0.2-8v_RC363 (VMWARE), 6.5.0.2.8v_RC367 (AZURE), SonicOSv 6.5.0.2.8v_RC368 (AWS), SonicOSv 6.5.0.2.8v_RC366 (HYPER_V).
Exploit prediction scoring system (EPSS) score
EPSS Score 0.0
EPSS Ranking 4.3%
CVSS Severity
CVSS v3 Score 5.5
CVSS v2 Score 2.1
References
Products affected by CVE-2018-9867
-
cpe:2.3:o:sonicwall:sonicos:5.0.0.0
-
cpe:2.3:o:sonicwall:sonicos:5.0.0.13
-
cpe:2.3:o:sonicwall:sonicos:5.0.0.6
-
cpe:2.3:o:sonicwall:sonicos:5.0.0.8
-
cpe:2.3:o:sonicwall:sonicos:5.8.0.0
-
cpe:2.3:o:sonicwall:sonicos:5.8.0.2
-
cpe:2.3:o:sonicwall:sonicos:5.8.1.10
-
cpe:2.3:o:sonicwall:sonicos:5.8.1.5
-
cpe:2.3:o:sonicwall:sonicos:5.9.0.0
-
cpe:2.3:o:sonicwall:sonicos:5.9.0.7
-
cpe:2.3:o:sonicwall:sonicos:5.9.1.0
-
cpe:2.3:o:sonicwall:sonicos:5.9.1.10
-
cpe:2.3:o:sonicwall:sonicos:6.0.5.3-86o
-
cpe:2.3:o:sonicwall:sonicos:6.2.7.3
-
cpe:2.3:o:sonicwall:sonicos:6.2.7.8
-
cpe:2.3:o:sonicwall:sonicos:6.4.0.0
-
cpe:2.3:o:sonicwall:sonicos:6.5.1.3
-
cpe:2.3:o:sonicwall:sonicos:6.5.1.8
-
cpe:2.3:o:sonicwall:sonicos:6.5.2.2
-
cpe:2.3:o:sonicwall:sonicos:6.5.3.1
-
cpe:2.3:o:sonicwall:sonicosv:6.5.0.2-8v_rc363
-
cpe:2.3:o:sonicwall:sonicosv:6.5.0.2.8v_rc366
-
cpe:2.3:o:sonicwall:sonicosv:6.5.0.2.8v_rc367
-
cpe:2.3:o:sonicwall:sonicosv:6.5.0.2.8v_rc368