ID

VAR-201912-0826


CVE

CVE-2019-7478


TITLE

SQL Injection Vulnerability in GMS

Trust: 0.8

sources: JVNDB: JVNDB-2019-013927

DESCRIPTION

A vulnerability in GMS allows an unauthenticated user to perform SQL injection in the Webservice module. This vulnerability affects GMS versions 8.4, 8.5, 8.6, 8.7, 9.0 and 9.1. SonicWall Global Management System (GMS) is a global management system from SonicWall Corporation in the United States. The system enables rapid deployment and centralized management of Dell SonicWALL firewall, anti-spam, backup and recovery, and secure remote access solutions. The vulnerability stems from the lack of verification of externally supplied SQL statements in database-based applications. Attackers can exploit this vulnerability to execute illegal SQL commands. The following products and versions are affected: SonicWall GMS versions 8.4, 8.5, 8.6, 8.7, 9.0 and 9.1.

Trust: 1.71

sources: NVD: CVE-2019-7478 // JVNDB: JVNDB-2019-013927 // VULHUB: VHN-158913

AFFECTED PRODUCTS

vendor: sonicwall, model: global management system, scope: eq, version: 8.4

Trust: 2.4

vendor: sonicwall, model: global management system, scope: eq, version: 8.5

Trust: 2.4

vendor: sonicwall, model: global management system, scope: eq, version: 8.6

Trust: 2.4

vendor: sonicwall, model: global management system, scope: eq, version: 8.7

Trust: 2.4

vendor: sonicwall, model: global management system, scope: eq, version: 9.0

Trust: 2.4

vendor: sonicwall, model: global management system, scope: eq, version: 9.1

Trust: 2.4

sources: JVNDB: JVNDB-2019-013927 // CNNVD: CNNVD-201912-1277 // NVD: CVE-2019-7478

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-7478
value: CRITICAL

Trust: 1.0

NVD: CVE-2019-7478
value: CRITICAL

Trust: 0.8

CNNVD: CNNVD-201912-1277
value: CRITICAL

Trust: 0.6

VULHUB: VHN-158913
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2019-7478
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-158913
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2019-7478
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: CVE-2019-7478
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-158913 // JVNDB: JVNDB-2019-013927 // CNNVD: CNNVD-201912-1277 // NVD: CVE-2019-7478

PROBLEMTYPE DATA

problemtype:CWE-89

Trust: 1.9

sources: VULHUB: VHN-158913 // JVNDB: JVNDB-2019-013927 // NVD: CVE-2019-7478

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201912-1277

TYPE

SQL injection

Trust: 0.6

sources: CNNVD: CNNVD-201912-1277

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-013927

PATCH

title: SNWLID-2019-0011, url: https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0011

Trust: 0.8

sources: JVNDB: JVNDB-2019-013927

EXTERNAL IDS

db: NVD, id: CVE-2019-7478

Trust: 2.5

db: JVNDB, id: JVNDB-2019-013927

Trust: 0.8

db: CNNVD, id: CNNVD-201912-1277

Trust: 0.7

db: VULHUB, id: VHN-158913

Trust: 0.1

sources: VULHUB: VHN-158913 // JVNDB: JVNDB-2019-013927 // CNNVD: CNNVD-201912-1277 // NVD: CVE-2019-7478

REFERENCES

url: https://psirt.global.sonicwall.com/vuln-detail/snwlid-2019-0011

Trust: 1.7

url: https://nvd.nist.gov/vuln/detail/cve-2019-7478

Trust: 1.4

url: https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-7478

Trust: 0.8

sources: VULHUB: VHN-158913 // JVNDB: JVNDB-2019-013927 // CNNVD: CNNVD-201912-1277 // NVD: CVE-2019-7478

SOURCES

db: VULHUB, id: VHN-158913
db: JVNDB, id: JVNDB-2019-013927
db: CNNVD, id: CNNVD-201912-1277
db: NVD, id: CVE-2019-7478

LAST UPDATE DATE

2024-11-23T22:37:35.256000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-158913, date: 2020-01-09T00:00:00
db: JVNDB, id: JVNDB-2019-013927, date: 2020-01-22T00:00:00
db: CNNVD, id: CNNVD-201912-1277, date: 2020-01-17T00:00:00
db: NVD, id: CVE-2019-7478, date: 2024-11-21T04:48:15.587

SOURCES RELEASE DATE

db: VULHUB, id: VHN-158913, date: 2019-12-31T00:00:00
db: JVNDB, id: JVNDB-2019-013927, date: 2020-01-22T00:00:00
db: CNNVD, id: CNNVD-201912-1277, date: 2019-12-30T00:00:00
db: NVD, id: CVE-2019-7478, date: 2019-12-31T00:15:13.400