CVE-2018-9867

CVE-2018-9867

Vendor Sonicwall

Product SonicOS

Weakness CWE-285

Published February 19, 2019

Last update August 5, 2024

View on NVD All CVEs

CVSS base score

—

What the vulnerability does

01Description

In SonicWall SonicOS, administrators without full permissions can download imported certificates. Occurs when administrators who are not in the SonicWall Administrators user group attempt to download imported certificates. This vulnerability affected SonicOS Gen 5 version 5.9.1.10 and earlier, Gen 6 version 6.2.7.3, 6.5.1.3, 6.5.2.2, 6.5.3.1, 6.2.7.8, 6.4.0.0, 6.5.1.8, 6.0.5.3-86o and SonicOSv 6.5.0.2-8v_RC363 (VMWARE), 6.5.0.2.8v_RC367 (AZURE), SonicOSv 6.5.0.2.8v_RC368 (AWS), SonicOSv 6.5.0.2.8v_RC366 (HYPER_V).

Key dates

02Disclosure timeline

February 19, 2019 CVE published

August 5, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2018-9867 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/285.html

Related vulnerabilities

Identifiers

CVE CVE-2018-9867

CWE CWE-285

Affected versions

Vendor Sonicwall

Product SonicOS

Affected 5.9.1.10 and earlier

Vendor Sonicwall

Product SonicOS

Affected 6.2.7.3

Vendor Sonicwall

Product SonicOS

Affected 6.5.1.3

Vendor Sonicwall

Product SonicOS

Affected 6.5.2.2

Vendor Sonicwall

Product SonicOS

Affected 6.5.3.1

Vendor Sonicwall

Product SonicOS

Affected 6.2.7.8

Vendor Sonicwall

Product SonicOS

Affected 6.4.0.0

Vendor Sonicwall

Product SonicOS

Affected 6.5.1.8

Vendor Sonicwall

Product SonicOS

Affected 6.0.5.3-86o

Vendor Sonicwall

Product SonicOSv

Affected 6.5.0.2-8v_RC363 (VMWARE)

Vendor Sonicwall

Product SonicOSv

Affected 6.5.0.2.8v_RC367 (AZURE)

Vendor Sonicwall

Product SonicOSv

Affected 6.5.0.2.8v_RC368 (AWS)

Vendor Sonicwall

Product SonicOSv

Affected 6.5.0.2.8v_RC366 (HYPER_V)

01Description

02Disclosure timeline

03References

04Related CVE