CVE-2018-9867

In SonicWall SonicOS, administrators without full permissions can download imported certificates. Occurs when administrators who are not in the SonicWall Administrators user group attempt to download imported certificates. This vulnerability affected SonicOS Gen 5 version 5.9.1.10 and earlier, Gen 6 version 6.2.7.3, 6.5.1.3, 6.5.2.2, 6.5.3.1, 6.2.7.8, 6.4.0.0, 6.5.1.8, 6.0.5.3-86o and SonicOSv 6.5.0.2-8v_RC363 (VMWARE), 6.5.0.2.8v_RC367 (AZURE), SonicOSv 6.5.0.2.8v_RC368 (AWS), SonicOSv 6.5.0.2.8v_RC366 (HYPER_V).

Published: Feb 19, 2019
Updated: Apr 13, 2023
CVE: CVE-2018-9867
Severity: Medium
Exploit:

CVSS v3:

Severity: Medium
Score: 5.5
AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

CVSS v2:

Severity: Low
Score: 2.1
AV:L/AC:L/Au:N/C:P/I:N/A:N

CWEs:

CWE-732

Affected Software
References

Software	From	Fixed in
sonicwall / sonicos	5.0.0.0	5.9.1.10.x
sonicwall / sonicos	6.2.7.3	6.2.7.3.x
sonicwall / sonicos	6.5.1.3	6.5.1.3.x
sonicwall / sonicos	6.5.2.2	6.5.2.2.x
sonicwall / sonicos	6.5.3.1	6.5.3.1.x
sonicwall / sonicos	6.2.7.8	6.2.7.8.x
sonicwall / sonicos	6.4.0.0	6.4.0.0.x
sonicwall / sonicos	6.5.1.8	6.5.1.8.x
sonicwall / sonicos	6.0.5.3-86o	6.0.5.3-86o.x
sonicwall / sonicosv	6.5.0.2-8v_rc363	6.5.0.2-8v_rc363.x
sonicwall / sonicosv	6.5.0.2.8v_rc367	6.5.0.2.8v_rc367.x
sonicwall / sonicosv	6.5.0.2.8v_rc368	6.5.0.2.8v_rc368.x
sonicwall / sonicosv	6.5.0.2.8v_rc366	6.5.0.2.8v_rc366.x

Vulnerability Database

289,599

CVE-2018-9867