SonicWall SSL-VPN SMA100 Version 10.x Is Affected By Multiple Vulnerabilities

SonicWall Security Advisory

1) CVE-2023-44221 – Post Authentication OS Command Injection Vulnerability

Improper neutralization of special elements in the SMA100 SSL-VPN management interface allows a remote authenticated attacker with administrative privilege to inject arbitrary commands as the ‘nobody’ user, potentially leading to OS command injection.

CVSS Score: 7.2
CVSS Vector: CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
CWE-78: Improper Neutralization of Special Elements used in an OS Command (‘OS Command Injection’)

IMPACT:

As outlined in SNWLID-2023-0018, successful exploitation of CVE-2023-44221 against impacted SMA 100 devices allows a post-authentication remote attacker with administrative privilege to inject arbitrary commands, which can potentially lead to OS command execution on the appliance.

2) CVE-2023-5970 – Post Authentication External User MFA Bypass Vulnerability

Improper authentication in the SMA100 SSL-VPN virtual office portal allows a remote authenticated attacker to create an identical external domain user, resulting in an MFA bypass.

CVSS Score: 6.3
CVSS Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
CWE-287: Improper Authentication

IMPACT:

As outlined in SNWLID-2023-0018, successful exploitation of CVE-2023-5970 against impacted SMA 100 devices allows a post-authentication remote attacker to bypass the SMA100 MFA feature, which can potentially lead to access to the globally defined SSL-VPN portal bookmarks and resources on the appliance.

There is no evidence that these vulnerabilities are being exploited in the wild. SonicWall strongly advises users of SMA 100 series products, which include the SMA 200, 210, 400, 410, and 500v, to upgrade to the mentioned fixed release version.

CVE: CVE-2023-44221, CVE-2023-5970
Last updated: Dec. 4, 2023, 3:17 p.m.
