{"id":24505,"date":"2022-05-14T00:01:00","date_gmt":"2022-05-13T22:01:00","guid":{"rendered":"http:\/\/159.69.82.204\/win\/?p=24505"},"modified":"2022-05-13T23:08:21","modified_gmt":"2022-05-13T21:08:21","slug":"sonicwall-warnung-sslvpn-sma1000-bugs-sofort-patchen","status":"publish","type":"post","link":"https:\/\/borncity.com\/win\/2022\/05\/14\/sonicwall-warnung-sslvpn-sma1000-bugs-sofort-patchen\/","title":{"rendered":"SonicWall Security Advisory: Patch SSLVPN SMA1000 vulnerabilities immediately"},"content":{"rendered":"<p><img decoding=\"async\" title=\"Security (Pexels, general use)\" style=\"float: left; margin: 0px 10px 0px 0px; display: inline\" alt=\"Security (Pexels, general use)\" src=\"https:\/\/www.borncity.com\/blog\/wp-content\/uploads\/2021\/04\/Sicherheit_klein.jpg\" width=\"200\" align=\"left\">[<a href=\"https:\/\/www.borncity.com\/blog\/?p=265332\" target=\"_blank\" rel=\"noopener\">German<\/a>] SonicWall has issued a security alert urging customers to immediately patch several vulnerabilities that are considered high-risk. The vulnerabilities could allow attackers to bypass authorization and potentially compromise unpatched appliances.<\/p>\n<p><!--more--><\/p>\n<p>Bleeping Computer points out the issue in the following <a href=\"https:\/\/twitter.com\/BleepinComputer\/status\/1525138519508779008\" target=\"_blank\" rel=\"noopener\">tweet<\/a> and in <a href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/sonicwall-strongly-urges-admins-to-patch-sslvpn-sma1000-bugs\/\" target=\"_blank\" rel=\"noopener\">this article<\/a>. The SonicWall Security Advisory <a href=\"https:\/\/www.sonicwall.com\/support\/knowledge-base\/security-notice-sma-1000-series-unauthenticated-access-control-bypass\/220510172939820\/\" target=\"_blank\" rel=\"noopener\">SMA 1000 Series Unauthenticated Access Control Bypass<\/a> dated May 13, 2022, contains the details. 
<\/p>\n<p><a href=\"https:\/\/twitter.com\/BleepinComputer\/status\/1525138519508779008\" target=\"_blank\" rel=\"noopener\"><img decoding=\"async\" title=\"Vulnerability in SSLVPN SMA1000 \" alt=\"Vulnerability in SSLVPN SMA1000 \" src=\"https:\/\/i.imgur.com\/Sa8lbsm.png\"><\/a><\/p>\n<p>The SonicWall Product Security &amp; Incident Response Team (PSIRT) has reviewed and patched multiple vulnerabilities in Secure Mobile Access (SMA) 1000 Series products.<\/p>\n<ul>\n<li><a href=\"https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2022-22282\" target=\"_blank\" rel=\"noopener\">CVE-2022-22282<\/a>: Unauthenticated access control bypass, CVSS Score 8.2<\/li>\n<li><a href=\"https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2022-1701\" target=\"_blank\" rel=\"noopener\">CVE-2022-1701<\/a>: Use of hard-coded cryptographic key, CVSS Score 5.7<\/li>\n<li><a href=\"https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2022-1702\" target=\"_blank\" rel=\"noopener\">CVE-2022-1702<\/a>: URL redirection to an untrusted site (open redirection), CVSS Score 5.7, CVSS Score 6.1<\/li>\n<\/ul>\n<p>Affected products are the SMA 1000 series (6200, 6210, 7200, 7210, 8200v) with firmware versions 12.4.0 and 12.4.1 (including hot fixes). A new software version 12.4.1-02994 is available to close the vulnerabilities. 
The following models are not affected:<\/p>\n<ul>\n<li>SMA 1000 series with versions earlier than 12.4.0<\/li>\n<li>SMA 100 series<\/li>\n<li>CMS<\/li>\n<li>Remote access clients<\/li>\n<\/ul>\n<p>SonicWall strongly recommends that organizations using SMA 1000 series products update to the latest patch and follow the guidance <a href=\"https:\/\/www.sonicwall.com\/support\/knowledge-base\/security-notice-sma-1000-series-unauthenticated-access-control-bypass\/220510172939820\/\" target=\"_blank\" rel=\"noopener\">here<\/a>.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>[German] SonicWall has issued a security alert urging customers to immediately patch several vulnerabilities that are considered high-risk. The vulnerabilities could allow attackers to bypass authorization and potentially compromise unpatched appliances.<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[580],"tags":[69],"class_list":["post-24505","post","type-post","status-publish","format-standard","hentry","category-security","tag-security"],"_links":{"self":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/posts\/24505","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/comments?post=24505"}],"version-history":[{"count":0,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/posts\/24505\/revisions"}],"wp:attachment":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/media?parent=24505"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/categories?post=24505"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/tags?post=24505"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}