SMA100 MFA Improper Access Control Vulnerability

SonicWall Security Advisory

Improper access control vulnerability has been identified in the SMA100 SSL-VPN virtual office portal, which in specific conditions could potentially enable a remote authenticated attacker to associate another user’s MFA mobile application.

There is no evidence that these vulnerabilities are being exploited in the wild. SonicWall strongly advises SMA 100 series product users, which include SMA 200, 210, 400, 410, and 500v products to upgrade to the mentioned fixed release version.

CVE: CVE-2024-22395
Last updated: Feb. 23, 2024, 3:41 a.m.