Skip to content
SonicWall Product Security Notice: Path Traversal Vulnerability

SonicWall Product Security Notice: Path Traversal Vulnerability

Security Notice: Pre-Authentication Path Traversal Vulnerability in SMA 1000 12.4.2

SonicWall PSIRT has confirmed a pre-authentication path traversal vulnerability in specific Secure Mobile Access (SMA) 1000 Series firmware versions. This vulnerability potentially allows an unauthenticated attacker to access arbitrary files and directories stored in the SMA 1000 appliance.

SonicWall PSIRT is not aware of active exploitation against this vulnerability in the wild, nor has a proof of concept (POC) been made public.

Please carefully review the knowledge base (KB) article and follow guidance for immediate firmware upgrade.

OVERVIEW

Advisory ID: SNWLID-2023-0001

Product(s): SMA 1000 Series (includes SMA 6200, 6210, 7200, 7210, 8200v)

Impacted Version(s): 12.4.2 only

Fixed Version(s): 12.4.2-05352

CVSS: 7.5 (High)

Exploitation: None observed.

Notes: All other SMA 1000 firmware, including version 12.4.1, are NOT impacted by this vulnerability. No action is required for these organizations.

Previous article SonicWall Product Security Notice
Next article SONICWALL EARNS MULTIPLE CHANNEL AWARDS

More SonicWall News Posts

  • Product Security Notice:  SONICWALL SSL-VPN SMA100 Series Vulnerabilities
    December 7, 2023 Esther McNally

    Product Security Notice: SONICWALL SSL-VPN SMA100 Series Vulnerabilities

    SONICWALL SSL-VPN SMA100 version 10.X is affected by multiple vulnerabilities Overview CVE-2023-44221: Post Authentication OS Command Injection Vulnerability (CVSS Score: 7.2) Improper neutralization of special elements in the SMA100 SSL-VPN management interface allows a remote authenticated attacker with administrative privilege...

    Read now
  • Turn On Your MFA
    November 9, 2023 Esther McNally

    Turn On Your MFA

    With millions of stolen credentials currently up for sale, the time for stronger authentication is now. In “Star Trek: The Next Generation,” Jean-Luc Picard famously said, “It is possible to commit no mistakes and still lose.” This applies to many...

    Read now
  • Password Pro Tips
    November 7, 2023 Esther McNally

    Password Pro Tips

    A solid password is instrumental to keeping your important accounts and information safeguarded. October is typically associated with pumpkin spice lattes, college football, crunching leaves underfoot and ghostly fun, but did you know it’s also Cybersecurity Awareness Month? This is...

    Read now