CVE-2019-7486 — Code Injection in SMA 100 Firmware

CWE-94 — Code Injection3 documents3 sources

Severity

8.8HIGHNVD

EPSS

0.5%

top 32.20%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Sonicwall SMA 100 Firmware Sonicwall Sma100

Timeline

PublishedDec 19

Latest updateMay 24

Description

Code injection in SonicWall SMA100 allows an authenticated user to execute arbitrary code in viewcacert CGI script. This vulnerability impacted SMA100 version 9.0.0.4 and earlier.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages2 packages

▶NVDsonicwall/sma_100_firmware9.0.0.4

▶CVEListV5sonicwall/sma1009.0.0.4 and earlier

🔴Vulnerability Details

GHSA

GHSA-fgxp-9cpg-5f7c: Code injection in SonicWall SMA100 allows an authenticated user to execute arbitrary code in viewcacert CGI script↗2022-05-24

▶

CVEList

CVE-2019-7486: Code injection in SonicWall SMA100 allows an authenticated user to execute arbitrary code in viewcacert CGI script↗2019-12-19

▶