SONICWALL SSL-VPN SMA100 version 10.X is affected by multiple vulnerabilities
Overview
-
CVE-2023-44221: Post Authentication OS Command Injection
Vulnerability (CVSS Score: 7.2)
Improper neutralization of special elements in the SMA100 SSL-VPN management interface allows a remote authenticated attacker with administrative privilege to inject arbitrary commands as a 'nobody' user, potentially leading to OS Command Injection Vulnerability.
Impact:Successfully leveraging CVE-2023-44221 against impacted SMA 100 devices can result in the post-authenticated remote attacker with administrative privilege being able to inject arbitrary commands which can potentially lead to OS command execution on the appliance. -
CVE-2023-5970 - Post Authentication External User MFA Bypass Vulnerability (CVSS Score: 6.3)
Improper authentication in the SMA100 SSL-VPN virtual office portal allows a remote authenticated attacker to create an identical external domain user, resulting in an MFA bypass.
Impact: Successfully leveraging CVE-2023-5970 against impacted SMA 100 devices can result in the post-authenticated remote attacker being able to bypass the SMA100 MFA feature which can potentially lead to access to the globally defined SSL-VPN portal bookmarks and resources in the appliance.
IMPORTANT: SonicWall is not aware of active exploitation in the wild . There have not been any reports of malicious use of this vulnerability reported to SonicWall.
Product Impact
Please review the table below to see if your SMA appliance is impacted. If your appliance is using an impacted firmware version, please follow the provided patch guidance.
Impacted Product(s) |
Impacted Platform |
Impacted Versions |
SMA 100 Series |
SMA 200, SMA 210, SMA 400, SMA 410, SMA 500v |
10.2.1.9-57sv and earlier versions. |
Remediation
Product |
Impacted Platforms |
Impacted |
Fixed Version |
SMA 100 Series |
SMA 200, SMA 210, SMA 400, SMA 410, SMA 500v |
10.2.1.9-57sv and earlier versions. |
10.2.1.10-62sv and higher versions |