CyberSec.Space Logo
Back to CVE Browser

CVE-2019-7487

HIGH
7.8
CVSS Severity Score
EPSS Score0.1330%
EPSS Percentile9.16th
PublishedDec 19, 2019
Last ModifiedNov 21, 2024

Vulnerability Description

Installation of the SonicOS SSLVPN NACagent 3.5 on the Windows operating system, an autorun value is created does not put the path in quotes, so if a malicious binary by an attacker within the parent path could allow code execution.

Affected Platforms (CPE)

💻
Sonicwall

Sonicos

<= 6.5.3.3
📦
Sonicwall

Sonicos Sslvpn Nacagent

= 3.5

References & Advisories

🔗 https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0022
🔗 https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0022

Related Vulnerabilities

CVE-2020-51359.8

A buffer overflow vulnerability in SonicOS allows a remote attacker to cause Denial of Service (DoS) and potentially execute arbit...

CVE-2019-74759.8

A vulnerability in SonicWall SonicOS and SonicOSv with management enabled system on specific configuration allow unprivileged user...

CVE-2021-200468.8

A Stack-based buffer overflow in the SonicOS HTTP Content-Length response header allows a remote authenticated attacker to cause D...

CVE-2021-200488.8

A Stack-based buffer overflow in the SonicOS SessionID HTTP response header allows a remote authenticated attacker to cause Denial...