CVE-2019-7489

CRITICAL

SonicWall Email Security <10.0.2 - RCE

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2019-7489. PoCs published by nromsdahl.

AI-analyzed exploit summary This Python script automates unauthenticated remote code execution on SonicWall Email Security Appliances by forwarding MySQL and HTTP ports via SSH, writing a JSP command shell and a reverse shell script to the target system, and executing them to achieve a reverse shell.

Description

A vulnerability in SonicWall Email Security appliance allow an unauthenticated user to perform remote code execution. This vulnerability affected Email Security Appliance version 10.0.2 and earlier.

Exploits (1)

nomisec WORKING POC 2 stars

by nromsdahl · poc

https://github.com/nromsdahl/CVE-2019-7489

View Code ZIP pw:eip

This Python script automates unauthenticated remote code execution on SonicWall Email Security Appliances by forwarding MySQL and HTTP ports via SSH, writing a JSP command shell and a reverse shell script to the target system, and executing them to achieve a reverse shell.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: SonicWall Email Security Appliances < 10.0.3

No auth needed

Prerequisites: SSH access to the target system · MySQL and HTTP ports accessible via SSH tunneling · Netcat listener set up on the attacker's machine

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1059 - Command and Scripting Interpreter T1090 - Proxy

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (1)

Core 1

Core References

Vendor Advisory x_refsource_confirm

https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0023

Scores

CVSS v3 9.8

EPSS 0.0528

EPSS Percentile 91.5%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-285

Status published

Products (1)

sonicwall/email_security_appliance < 10.0.2

Published Dec 23, 2019

Tracked Since Feb 18, 2026