Incorrect Permission Assignment for Critical Resource
In SonicWall SonicOS, administrators without full permissions can download imported certificates. Occurs when administrators who are not in the SonicWall Administrators user group attempt to download imported certificates. This vulnerability affected SonicOS Gen 5 version 220.127.116.11 and earlier, Gen 6 version 18.104.22.168, 22.214.171.124, 126.96.36.199, 188.8.131.52, 184.108.40.206, 220.127.116.11, 18.104.22.168, 22.214.171.124-86o and SonicOSv 126.96.36.199-8v_RC363 (VMWARE), 188.8.131.52.8v_RC367 (AZURE), SonicOSv 184.108.40.206.8v_RC368 (AWS), SonicOSv 220.127.116.11.8v_RC366 (HYPER_V).
CWE-732 - Incorrect Permission Assignment for Critical Resource
The product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors.