[German]SonicWall has issued a security alert urging customers to immediately patch several vulnerabilities that are considered high-risk. The vulnerabilities could allow attackers to bypass authorization and potentially compromise unpatched appliances.
Advertising
Bleeping Computer point out the issue in the following tweet and in this article. The Sonic Wall Security Advisory SMA 1000 Series Unauthenticated Access Control Bypass dated May 13, 2022 contains the details.
The SonicWall Product Security & Incident Response Team (PSIRT) has reviewed and patched the multiple vulnerabilities in Secure Mobile Access (SMA) 1000 Series products.
- CVE-2022-22282: Unauthenticated access control bypass, CVSS Score 8.2
- CVE-2022-1701: Use of hard-coded cryptographic key, CVSS Score 5.7
- CVE-2022-1702: URL redirection to an untrusted site (open redirection), CVSS Score 5.7, CVSS Score 6.1
Affected products are the SMA 1000 series (6200, 6210, 7200, 7210, 8200v) with firmware version 12.4.0 and 12.4.1 (including hot fixes). A new software version 12.4.1-02994 is available to close the vulnerabilities. The following models are not affected:
- SMA 1000 series with versions earlier than 12.4.0
- SMA 100 series
- CMS
- Remote access clients )
SonicWall strongly recommends that organizations using SMA 1000 series products update to the latest patch and follow the guidance here.
Advertising
