CyberSec.Space Logo
返回 CVE 浏览器

CVE-2019-7487

HIGH
7.8
CVSS Severity Score
EPSS Score0.1330%
EPSS Percentile9.16th
Published2019年12月19日
Last Modified2024年11月21日

Vulnerability Description

Installation of the SonicOS SSLVPN NACagent 3.5 on the Windows operating system, an autorun value is created does not put the path in quotes, so if a malicious binary by an attacker within the parent path could allow code execution.

Affected Platforms (CPE)

💻
Sonicwall

Sonicos

<= 6.5.3.3
📦
Sonicwall

Sonicos Sslvpn Nacagent

= 3.5

References & Advisories

🔗 https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0022
🔗 https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0022

相关漏洞威胁

CVE-2020-51359.8

A buffer overflow vulnerability in SonicOS allows a remote attacker to cause Denial of Service (DoS) and potentially execute arbit...

CVE-2019-74759.8

A vulnerability in SonicWall SonicOS and SonicOSv with management enabled system on specific configuration allow unprivileged user...

CVE-2021-200468.8

A Stack-based buffer overflow in the SonicOS HTTP Content-Length response header allows a remote authenticated attacker to cause D...

CVE-2021-200488.8

A Stack-based buffer overflow in the SonicOS SessionID HTTP response header allows a remote authenticated attacker to cause Denial...