SonicWall Vulnerabilities

SonicWall PSIRT has confirmed two vulnerabilities in the SMA 100 Series SSL-VPN: a Post Authentication OS Command Injection Vulnerability and a Post Authentication External User MFA Bypass Vulnerability.

These vulnerabilities affect only the SonicWall SMA 100 series, including the SMA 500v, 200, 210, 400 and 410 appliances.

SonicWall strongly urges that organizations using older versions of SonicWall firmware follow the guidance provided by SonicWall PSIRT and upgrade as soon as possible.

Important: There is no evidence that these vulnerabilities are being exploited in the wild.

Overview

  • Early partner notification: December 3rd
  • Official Release Date: December 4th
  • Advisory ID: SNWLID-2023-0018
  • Product(s): SonicWall SMA 100 Series: SMA 500v, SMA 200, SMA 210, SMA 400, SMA 410
  • Issue:
    1. Post Authentication OS Command Injection Vulnerability
    2. Post Authentication External User MFA Bypass Vulnerability
  • CVSS:
    1. CVE-2023-44221 – Post Authentication OS Command Injection Vulnerability: 7.2 (High)
    2. CVE-2023-5970 – Post Authentication External User MFA Bypass Vulnerability: 6.3 (Medium)
  • Impacted Version(s): Please refer to the SonicWall PSIRT page.
  • Fixed Version(s): 10.2.1.10-62sv and higher versions (available on release date 12/4/2023)
