CVE-2019-7483

CVSS 7.5 HIGH · EPSS 4.0% · KEV · CWE-22

In short

An unauthenticated attacker can use a directory traversal flaw in SonicWall SMA100 to check whether specific files exist on the server, potentially revealing sensitive information about the system's structure.

Technical detail

The handleWAFRedirect CGI endpoint in SonicWall SMA100 is vulnerable to directory traversal (CWE-22) without requiring authentication. An attacker can craft malicious path parameters to traverse the directory structure and determine file existence, enabling reconnaissance for further attacks.
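For defenders reviewing access logs, the following added example (not part of the advisory or any SonicWall code) flags requests to the handleWAFRedirect CGI whose path or query contains a `..` segment after nested percent-decoding, grouped by client. It assumes a combined-format access log; the `/PLACEHOLDER/` URL prefix, the parameter name `x`, and all sample lines are constructed placeholders, since the page gives neither the URL nor the parameter.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, unquote

ENDPOINT = "handleWAFRedirect"  # CGI name from the advisory; its URL prefix is not stated
REQ_RE = re.compile(r'^(\S+) .*?"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def fully_decode(value, max_rounds=5):
    """Undo nested percent-encoding, e.g. %252e%252e -> %2e%2e -> '..'."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def has_traversal(value):
    """True if the decoded value contains a '..' path segment."""
    return ".." in re.split(r"[\\/=&?]", fully_decode(value))

def probes_by_client(log_lines):
    """Map client address -> decoded traversal queries sent to the endpoint."""
    probes = defaultdict(list)
    for line in log_lines:
        m = REQ_RE.match(line)
        if not m:
            continue
        client, target = m.group(1), m.group(2)
        parts = urlsplit(target)
        if ENDPOINT not in fully_decode(parts.path):
            continue  # a different endpoint, out of scope for this check
        if has_traversal(parts.path) or has_traversal(parts.query):
            probes[client].append(fully_decode(parts.query))
    return dict(probes)

# Constructed sample lines (documentation IP ranges, placeholder path and parameter).
SAMPLE_LOG = [
    '198.51.100.7 - - [01/Jan/2020:10:00:00 +0000] "GET /PLACEHOLDER/handleWAFRedirect?x=../../etc/hosts HTTP/1.1" 200 0',
    '198.51.100.7 - - [01/Jan/2020:10:00:01 +0000] "GET /PLACEHOLDER/handleWAFRedirect?x=..%2F..%2Ftmp%2Fnope HTTP/1.1" 200 0',
    '198.51.100.7 - - [01/Jan/2020:10:00:02 +0000] "GET /PLACEHOLDER/handleWAFRedirect?x=%252e%252e%252fvar HTTP/1.1" 200 0',
    '203.0.113.9 - - [01/Jan/2020:10:05:00 +0000] "GET /PLACEHOLDER/handleWAFRedirect?x=report..final.html HTTP/1.1" 200 0',
    '203.0.113.9 - - [01/Jan/2020:10:05:01 +0000] "GET /index.html?x=../../etc/hosts HTTP/1.1" 404 0',
]

if __name__ == "__main__":
    for client, queries in probes_by_client(SAMPLE_LOG).items():
        print(client, len(queries), queries)
```

A single client producing many distinct hits is the pattern to look for, because the flaw is a file-existence test that is only useful when repeated across candidate paths.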

Summary generated and translated by AI from the official description.
In SonicWall SMA100, an unauthenticated Directory Traversal vulnerability in the handleWAFRedirect CGI allows the user to test for the presence of a file on the server.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Affected products
SonicWall · SMA100
