Main Vulnerability Database Vulnerabilities #VU83768

#VU83768 OS Command Injection in SMA 100 - CVE-2023-44221

Published: December 4, 2023 / Updated: May 1, 2025

Vulnerability identifier: #VU83768

Vulnerability risk: High

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:A/U:Amber

CVE-ID: CVE-2023-44221

CWE-ID: CWE-78

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
SMA 100

Software vendor:
SonicWall

Description

The vulnerability allows a remote user to execute arbitrary shell commands on the target system.

The vulnerability exists due to improper input validation within the SSL-VPN management interface. A remote user with administrative privileges can pass specially crafted data to the application and execute arbitrary OS commands on the target system.

Remediation

Install updates from vendor's website.

External links

https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2023-0018

#VU83768 OS Command Injection in SMA 100 - CVE-2023-44221

Description

Remediation

External links

Please verify you're human