Details of VAR-201912-0835

ID

VAR-201912-0835

CVE

CVE-2019-7488

TITLE

SonicWall Email Security Appliance vulnerable to password requests

Trust: 0.8

sources: JVNDB: JVNDB-2019-013553

DESCRIPTION

Weak default password cause vulnerability in SonicWall Email Security appliance which leads to attacker gain access to appliance database. This vulnerability affected Email Security Appliance version 10.0.2 and earlier

Trust: 1.71

sources: NVD: CVE-2019-7488 // JVNDB: JVNDB-2019-013553 // VULHUB: VHN-158923

AFFECTED PRODUCTS

vendor:

sonicwall

model:

email security appliance

scope:

lte

version:

10.0.2

Trust: 1.8

sources: JVNDB: JVNDB-2019-013553 // NVD: CVE-2019-7488

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2019-7488
value:	CRITICAL
Trust: 1.0
NVD:	CVE-2019-7488
value:	CRITICAL
Trust: 0.8
CNNVD:	CNNVD-201912-1022
value:	CRITICAL
Trust: 0.6
VULHUB:	VHN-158923
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2019-7488
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-158923
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2019-7488
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	5.9
version:	3.1
Trust: 1.0
NVD:	CVE-2019-7488
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULHUB: VHN-158923 // JVNDB: JVNDB-2019-013553 // CNNVD: CNNVD-201912-1022 // NVD: CVE-2019-7488

PROBLEMTYPE DATA

problemtype:	CWE-521	Trust: 1.9
problemtype:	CWE-255	Trust: 1.0

sources: VULHUB: VHN-158923 // JVNDB: JVNDB-2019-013553 // NVD: CVE-2019-7488

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201912-1022

TYPE

trust management problem

Trust: 0.6

sources: CNNVD: CNNVD-201912-1022

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-013553

PATCH

title:

SNWLID-2019-0014

url:

https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0014

Trust: 0.8

sources: JVNDB: JVNDB-2019-013553

EXTERNAL IDS

db:	NVD	id:	CVE-2019-7488	Trust: 2.5
db:	JVNDB	id:	JVNDB-2019-013553	Trust: 0.8
db:	CNNVD	id:	CNNVD-201912-1022	Trust: 0.7
db:	VULHUB	id:	VHN-158923	Trust: 0.1

sources: VULHUB: VHN-158923 // JVNDB: JVNDB-2019-013553 // CNNVD: CNNVD-201912-1022 // NVD: CVE-2019-7488

REFERENCES

url:	https://psirt.global.sonicwall.com/vuln-detail/snwlid-2019-0014	Trust: 1.7
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-7488	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2019-7488	Trust: 0.8

sources: VULHUB: VHN-158923 // JVNDB: JVNDB-2019-013553 // CNNVD: CNNVD-201912-1022 // NVD: CVE-2019-7488

SOURCES

db:	VULHUB	id:	VHN-158923
db:	JVNDB	id:	JVNDB-2019-013553
db:	CNNVD	id:	CNNVD-201912-1022
db:	NVD	id:	CVE-2019-7488

LAST UPDATE DATE

2024-11-23T22:48:11.275000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-158923	date:	2020-01-02T00:00:00
db:	JVNDB	id:	JVNDB-2019-013553	date:	2020-01-09T00:00:00
db:	CNNVD	id:	CNNVD-201912-1022	date:	2020-06-17T00:00:00
db:	NVD	id:	CVE-2019-7488	date:	2024-11-21T04:48:16.683

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-158923	date:	2019-12-23T00:00:00
db:	JVNDB	id:	JVNDB-2019-013553	date:	2020-01-09T00:00:00
db:	CNNVD	id:	CNNVD-201912-1022	date:	2019-12-23T00:00:00
db:	NVD	id:	CVE-2019-7488	date:	2019-12-23T22:15:11.407