CVE-2018-9867 vulnerability in SonicWall Products
Published on February 19, 2019
In SonicWall SonicOS, administrators without full permissions can download imported certificates. The issue occurs when administrators who are not in the SonicWall Administrators user group attempt to download imported certificates. This vulnerability affected SonicOS Gen 5 version 5.9.1.10 and earlier, Gen 6 version 6.2.7.3, 6.5.1.3, 6.5.2.2, 6.5.3.1, 6.2.7.8, 6.4.0.0, 6.5.1.8, 6.0.5.3-86o and SonicOSv 6.5.0.2-8v_RC363 (VMWARE), 6.5.0.2.8v_RC367 (AZURE), SonicOSv 6.5.0.2.8v_RC368 (AWS), SonicOSv 6.5.0.2.8v_RC366 (HYPER_V).
Weakness Type
What is an AuthZ Vulnerability?
The software does not perform or incorrectly performs an authorization check when an actor attempts to access a resource or perform an action.
CVE-2018-9867 has been classified as an AuthZ vulnerability or weakness.
Products Associated with CVE-2018-9867
Affected Versions
SonicWall SonicOS:
- Version 5.9.1.10 and earlier is affected.
- Version 6.2.7.3 is affected.
- Version 6.5.1.3 is affected.
- Version 6.5.2.2 is affected.
- Version 6.5.3.1 is affected.
- Version 6.2.7.8 is affected.
- Version 6.4.0.0 is affected.
- Version 6.5.1.8 is affected.
- Version 6.0.5.3-86o is affected.
- Version 6.5.0.2-8v_RC363 (VMWARE) is affected.
- Version 6.5.0.2.8v_RC367 (AZURE) is affected.
- Version 6.5.0.2.8v_RC368 (AWS) is affected.
- Version 6.5.0.2.8v_RC366 (HYPER_V) is affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.