VAR-201912-0834
Vulnerability from variot - Updated: 2023-12-18 14:00Installation of the SonicOS SSLVPN NACagent 3.5 on the Windows operating system, an autorun value is created does not put the path in quotes, so if a malicious binary by an attacker within the parent path could allow code execution. SonicOS SSLVPN NACagent Contains an unquoted search path or element vulnerability.Information is acquired, information is falsified, and denial of service (DoS) May be in a state. SonicWall SonicOS SSLVPN NACagent is a VPN (Virtual Private Network) client application developed by SonicWall in the United States. A code issue vulnerability exists in SonicOS SSLVPN NACagent version 3.5 (Windows). An attacker could exploit this vulnerability to execute code through malicious binaries
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201912-0834",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "sonicos sslvpn nacagent",
"scope": "eq",
"trust": 1.8,
"vendor": "sonicwall",
"version": "3.5"
},
{
"model": "sonicos",
"scope": "lte",
"trust": 1.0,
"vendor": "sonicwall",
"version": "6.5.3.3"
},
{
"model": "sonicos",
"scope": null,
"trust": 0.8,
"vendor": "sonicwall",
"version": null
},
{
"model": "sonicos",
"scope": "eq",
"trust": 0.6,
"vendor": "sonicwall",
"version": "5.9.1.10"
},
{
"model": "sonicos",
"scope": "eq",
"trust": 0.6,
"vendor": "sonicwall",
"version": "5.9.0.0"
},
{
"model": "sonicos",
"scope": "eq",
"trust": 0.6,
"vendor": "sonicwall",
"version": "5.8.1.5"
},
{
"model": "sonicos",
"scope": "eq",
"trust": 0.6,
"vendor": "sonicwall",
"version": "5.0.0.13"
},
{
"model": "sonicos",
"scope": "eq",
"trust": 0.6,
"vendor": "sonicwall",
"version": "5.8.1.10"
},
{
"model": "sonicos",
"scope": "eq",
"trust": 0.6,
"vendor": "sonicwall",
"version": "5.0.0.6"
},
{
"model": "sonicos",
"scope": "eq",
"trust": 0.6,
"vendor": "sonicwall",
"version": "5.0.0.0"
},
{
"model": "sonicos",
"scope": "eq",
"trust": 0.6,
"vendor": "sonicwall",
"version": "5.0.0.8"
},
{
"model": "sonicos",
"scope": "eq",
"trust": 0.6,
"vendor": "sonicwall",
"version": "5.9.1.0"
},
{
"model": "sonicos",
"scope": "eq",
"trust": 0.6,
"vendor": "sonicwall",
"version": "5.8.0.2"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-013924"
},
{
"db": "NVD",
"id": "CVE-2019-7487"
},
{
"db": "CNNVD",
"id": "CNNVD-201912-913"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:sonicwall:sonicos:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "6.5.3.3",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:sonicwall:sonicos_sslvpn_nacagent:3.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2019-7487"
}
]
},
"cve": "CVE-2019-7487",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.9,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Local",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 4.6,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2019-7487",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.9,
"id": "VHN-158922",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:L/AC:L/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Local",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2019-7487",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2019-7487",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201912-913",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-158922",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-158922"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-013924"
},
{
"db": "NVD",
"id": "CVE-2019-7487"
},
{
"db": "CNNVD",
"id": "CNNVD-201912-913"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Installation of the SonicOS SSLVPN NACagent 3.5 on the Windows operating system, an autorun value is created does not put the path in quotes, so if a malicious binary by an attacker within the parent path could allow code execution. SonicOS SSLVPN NACagent Contains an unquoted search path or element vulnerability.Information is acquired, information is falsified, and denial of service (DoS) May be in a state. SonicWall SonicOS SSLVPN NACagent is a VPN (Virtual Private Network) client application developed by SonicWall in the United States. A code issue vulnerability exists in SonicOS SSLVPN NACagent version 3.5 (Windows). An attacker could exploit this vulnerability to execute code through malicious binaries",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-7487"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-013924"
},
{
"db": "VULHUB",
"id": "VHN-158922"
}
],
"trust": 1.71
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2019-7487",
"trust": 2.5
},
{
"db": "JVNDB",
"id": "JVNDB-2019-013924",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201912-913",
"trust": 0.7
},
{
"db": "VULHUB",
"id": "VHN-158922",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-158922"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-013924"
},
{
"db": "NVD",
"id": "CVE-2019-7487"
},
{
"db": "CNNVD",
"id": "CNNVD-201912-913"
}
]
},
"id": "VAR-201912-0834",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-158922"
}
],
"trust": 0.01
},
"last_update_date": "2023-12-18T14:00:41.590000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "SNWLID-2019-0022",
"trust": 0.8,
"url": "https://psirt.global.sonicwall.com/vuln-list"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-013924"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-428",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-158922"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-013924"
},
{
"db": "NVD",
"id": "CVE-2019-7487"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "https://psirt.global.sonicwall.com/vuln-detail/snwlid-2019-0022"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-7487"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-7487"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-158922"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-013924"
},
{
"db": "NVD",
"id": "CVE-2019-7487"
},
{
"db": "CNNVD",
"id": "CNNVD-201912-913"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-158922"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-013924"
},
{
"db": "NVD",
"id": "CVE-2019-7487"
},
{
"db": "CNNVD",
"id": "CNNVD-201912-913"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-12-19T00:00:00",
"db": "VULHUB",
"id": "VHN-158922"
},
{
"date": "2020-01-21T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-013924"
},
{
"date": "2019-12-19T01:15:11.133000",
"db": "NVD",
"id": "CVE-2019-7487"
},
{
"date": "2019-12-18T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201912-913"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-01-08T00:00:00",
"db": "VULHUB",
"id": "VHN-158922"
},
{
"date": "2020-01-21T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-013924"
},
{
"date": "2020-01-08T18:38:30.087000",
"db": "NVD",
"id": "CVE-2019-7487"
},
{
"date": "2020-01-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201912-913"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201912-913"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "SonicOS SSLVPN NACagent Vulnerable to unquoted search paths or elements",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-013924"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "code problem",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201912-913"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…