Vulnerability identifier: #VU58623
Vulnerability risk: High
CVSSv3.1: 7.1 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID:
CWE-ID: CWE-441
Exploitation vector: Network
Exploit availability: No
Vulnerable software: SMA 100
Hardware solutions / Security hardware appliances
Vendor: SonicWall
Description
The vulnerability allows a remote attacker to bypass implemented security restrictions.
The vulnerability exists due to missing security checks, which allow a remote non-authenticated attacker to bypass firewall rules and use the appliance, undetected, as an intermediary proxy to access internal and external resources.
Mitigation
Install updates from the vendor's website.
Vulnerable software versions
SMA 100: 10.2.1.1-19sv, 10.2.0.8-37sv, 9.0.0.11-31sv
External links
http://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0026
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.