CVE-2019-7486
published 2019-12-19CVE-2019-7486: Code injection in SonicWall SMA100 allows an authenticated user to execute arbitrary code in viewcacert CGI script. This vulnerability impacted SMA100 version…
PriorityP353high8.8CVSS 3.1
AVNACLPRLUINSUCHIHAH
EPSS
1.58%
72.5th percentile
Code injection in SonicWall SMA100 allows an authenticated user to execute arbitrary code in viewcacert CGI script. This vulnerability impacted SMA100 version 9.0.0.4 and earlier.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| sonicwall | sma | — | — |
| sonicwall | sma100 | — | — |
| sonicwall | sma_100_firmware | <= 9.0.0.4 | — |
CVSS provenance
nvdv3.18.8HIGHCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
nvdv2.06.5MEDIUMAV:N/AC:L/Au:S/C:P/I:P/A:P
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
SonicWall
CVE-2019-7486: Code injection in SonicWall SMA100 allows an authenticated user to execute arbitrary code in viewcacert CGI script. This vulnerability impacted SMA100
vendor_sonicwall·2019-12-19·CVSS 8.8
CVE-2019-7486 [HIGH] CWE-94 CVE-2019-7486: Code injection in SonicWall SMA100 allows an authenticated user to execute arbitrary code in viewcacert CGI script. This vulnerability impacted SMA100
CVE-2019-7486: Code injection in SonicWall SMA100 allows an authenticated user to execute arbitrary code in viewcacert CGI script. This vulnerability impacted SMA100 version 9.0.0.4 and earlier.
GHSA
GHSA-fgxp-9cpg-5f7c: Code injection in SonicWall SMA100 allows an authenticated user to execute arbitrary code in viewcacert CGI script
ghsa_unreviewed·2022-05-24
CVE-2019-7486 [HIGH] CWE-94 GHSA-fgxp-9cpg-5f7c: Code injection in SonicWall SMA100 allows an authenticated user to execute arbitrary code in viewcacert CGI script
Code injection in SonicWall SMA100 allows an authenticated user to execute arbitrary code in viewcacert CGI script. This vulnerability impacted SMA100 version 9.0.0.4 and earlier.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2019-12-19
Published