Sign-up

ID

VAR-201912-0836


CVE

CVE-2019-7489


TITLE

SonicWall Email Security Appliance vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2019-013554

DESCRIPTION

A vulnerability in SonicWall Email Security appliance allow an unauthenticated user to perform remote code execution. This vulnerability affected Email Security Appliance version 10.0.2 and earlier. SonicWall Email Security The appliance contains an unspecified vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. An attacker could exploit this vulnerability with a specially crafted request to execute arbitrary code on the system

Trust: 1.8

sources: NVD: CVE-2019-7489 // JVNDB: JVNDB-2019-013554 // VULHUB: VHN-158924 // VULMON: CVE-2019-7489

AFFECTED PRODUCTS

vendor:sonicwallmodel:email security appliancescope:lteversion:10.0.2

Trust: 1.8

sources: JVNDB: JVNDB-2019-013554 // NVD: CVE-2019-7489

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-7489
value: CRITICAL

Trust: 1.0

NVD: CVE-2019-7489
value: CRITICAL

Trust: 0.8

CNNVD: CNNVD-201912-1023
value: CRITICAL

Trust: 0.6

VULHUB: VHN-158924
value: HIGH

Trust: 0.1

VULMON: CVE-2019-7489
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2019-7489
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-158924
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2019-7489
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: CVE-2019-7489
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-158924 // VULMON: CVE-2019-7489 // JVNDB: JVNDB-2019-013554 // CNNVD: CNNVD-201912-1023 // NVD: CVE-2019-7489

PROBLEMTYPE DATA

problemtype:CWE-285

Trust: 1.0

problemtype:NVD-CWE-noinfo

Trust: 1.0

sources: NVD: CVE-2019-7489

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201912-1023

TYPE

authorization issue

Trust: 0.6

sources: CNNVD: CNNVD-201912-1023

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2019-013554

PATCH
title:Email Security Unauthenticated Remote Code Executionurl:https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0023
Trust: 0.8
title:PoCurl:https://github.com/Jonathan-Elias/PoC 
Trust: 0.1
sources:
            
            
            VULMON: CVE-2019-7489 // 
            
            
            
            JVNDB: JVNDB-2019-013554

EXTERNAL IDS
db:NVDid:CVE-2019-7489
Trust: 2.6
db:JVNDBid:JVNDB-2019-013554
Trust: 0.8
db:CNNVDid:CNNVD-201912-1023
Trust: 0.7
db:VULHUBid:VHN-158924
Trust: 0.1
db:VULMONid:CVE-2019-7489
Trust: 0.1
sources:
            
            
            VULHUB: VHN-158924 // 
            
            
            
            VULMON: CVE-2019-7489 // 
            
            
            
            JVNDB: JVNDB-2019-013554 // 
            
            
            
            CNNVD: CNNVD-201912-1023 // 
            
            
            
            NVD: CVE-2019-7489

REFERENCES
url:https://psirt.global.sonicwall.com/vuln-detail/snwlid-2019-0023
Trust: 1.8
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-7489
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2019-7489
Trust: 0.8
url:https://cwe.mitre.org/data/definitions/.html
Trust: 0.1
url:https://nvd.nist.gov
Trust: 0.1
url:https://github.com/jonathan-elias/poc
Trust: 0.1
sources:
            
            
            VULHUB: VHN-158924 // 
            
            
            
            VULMON: CVE-2019-7489 // 
            
            
            
            JVNDB: JVNDB-2019-013554 // 
            
            
            
            CNNVD: CNNVD-201912-1023 // 
            
            
            
            NVD: CVE-2019-7489

SOURCES
db:VULHUBid:VHN-158924
db:VULMONid:CVE-2019-7489
db:JVNDBid:JVNDB-2019-013554
db:CNNVDid:CNNVD-201912-1023
db:NVDid:CVE-2019-7489

LAST UPDATE DATE
2024-11-23T22:58:27.913000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-158924date:2020-01-02T00:00:00
db:VULMONid:CVE-2019-7489date:2020-01-02T00:00:00
db:JVNDBid:JVNDB-2019-013554date:2020-01-09T00:00:00
db:CNNVDid:CNNVD-201912-1023date:2020-06-17T00:00:00
db:NVDid:CVE-2019-7489date:2024-11-21T04:48:16.797

SOURCES RELEASE DATE
db:VULHUBid:VHN-158924date:2019-12-23T00:00:00
db:VULMONid:CVE-2019-7489date:2019-12-23T00:00:00
db:JVNDBid:JVNDB-2019-013554date:2020-01-09T00:00:00
db:CNNVDid:CNNVD-201912-1023date:2019-12-23T00:00:00
db:NVDid:CVE-2019-7489date:2019-12-23T22:15:11.483