cnvd - cnvd-2019-46975

cnvd-2019-46975

Vulnerability from cnvd

Title

SonicWall SonicOS SSLVPN NACagent代码问题漏洞

Description

SonicWall SonicOS SSLVPN NACagent是美国SonicWall公司的一款VPN（虚拟私人网络）客户端应用程序。 SonicOS SSLVPN NACagent 3.5版本（Windows）中存在代码问题漏洞。攻击者可利用该漏洞借助恶意的二进制文件执行代码。

Severity

高

Formal description

目前厂商尚未提供相关漏洞，请关注厂商主页随时更新： https://www.sonicwall.com

Reference

https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0022 https://nvd.nist.gov/vuln/detail/CVE-2019-7487

Impacted products

Name
SonicWall SonicWall SonicOS SSLVPN NACagent 3.5

Show details on source website

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2019-7487"
    }
  },
  "description": "SonicWall SonicOS SSLVPN NACagent\u662f\u7f8e\u56fdSonicWall\u516c\u53f8\u7684\u4e00\u6b3eVPN\uff08\u865a\u62df\u79c1\u4eba\u7f51\u7edc\uff09\u5ba2\u6237\u7aef\u5e94\u7528\u7a0b\u5e8f\u3002\n\nSonicOS SSLVPN NACagent 3.5\u7248\u672c\uff08Windows\uff09\u4e2d\u5b58\u5728\u4ee3\u7801\u95ee\u9898\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u501f\u52a9\u6076\u610f\u7684\u4e8c\u8fdb\u5236\u6587\u4ef6\u6267\u884c\u4ee3\u7801\u3002",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5c1a\u672a\u63d0\u4f9b\u76f8\u5173\u6f0f\u6d1e\uff0c\u8bf7\u5173\u6ce8\u5382\u5546\u4e3b\u9875\u968f\u65f6\u66f4\u65b0\uff1a\r\nhttps://www.sonicwall.com",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2019-46975",
  "openTime": "2019-12-24",
  "products": {
    "product": "SonicWall SonicWall SonicOS SSLVPN NACagent 3.5"
  },
  "referenceLink": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0022\r\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-7487",
  "serverity": "\u9ad8",
  "submitTime": "2019-12-19",
  "title": "SonicWall SonicOS SSLVPN NACagent\u4ee3\u7801\u95ee\u9898\u6f0f\u6d1e"
}

CVE-2019-7487 (GCVE-0-2019-7487)

Vulnerability from cvelistv5

Published

2019-12-19 00:35

Modified

2024-08-04 20:54

Severity ?

CWE

CWE-428 - Unquoted Search Path or Element

Summary

Installation of the SonicOS SSLVPN NACagent 3.5 on the Windows operating system, an autorun value is created does not put the path in quotes, so if a malicious binary by an attacker within the parent path could allow code execution.

References

URL

Tags

https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0022

x_refsource_CONFIRM

Impacted products

	Vendor	Product	Version
	SonicWall	SonicOS	Version: 6.5.3.3 and earlier

Show details on NVD website

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T20:54:28.232Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0022"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "SonicOS",
          "vendor": "SonicWall",
          "versions": [
            {
              "status": "affected",
              "version": "6.5.3.3 and earlier"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Installation of the SonicOS SSLVPN NACagent 3.5 on the Windows operating system, an autorun value is created does not put the path in quotes, so if a malicious binary by an attacker within the parent path could allow code execution."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-428",
              "description": "CWE-428: Unquoted Search Path or Element",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-12-19T00:35:45",
        "orgId": "44b2ff79-1416-4492-88bb-ed0da00c7315",
        "shortName": "sonicwall"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0022"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "PSIRT@sonicwall.com",
          "ID": "CVE-2019-7487",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "SonicOS",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "6.5.3.3 and earlier"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "SonicWall"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Installation of the SonicOS SSLVPN NACagent 3.5 on the Windows operating system, an autorun value is created does not put the path in quotes, so if a malicious binary by an attacker within the parent path could allow code execution."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-428: Unquoted Search Path or Element"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0022",
              "refsource": "CONFIRM",
              "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0022"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "44b2ff79-1416-4492-88bb-ed0da00c7315",
    "assignerShortName": "sonicwall",
    "cveId": "CVE-2019-7487",
    "datePublished": "2019-12-19T00:35:45",
    "dateReserved": "2019-02-06T00:00:00",
    "dateUpdated": "2024-08-04T20:54:28.232Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Log in or create an account to share your comment.

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.