“SonicWall has published an advisory warning of a trio of security flaws in its Secure Mobile Access (SMA) 1000 appliances, including a high-severity authentication bypass vulnerability.
The weaknesses in question impact SMA 6200, 6210, 7200, 7210, 8000v running firmware versions 12.4.0 and 12.4.1. The list of vulnerabilities is below -
CVE-2022-22282 (CVSS score: 8.2) - Unauthenticated Access Control Bypass
CVE-2022-1702 (CVSS score: 6.1) - URL redirection to an untrusted site (open redirection)
CVE-2022-1701 (CVSS score: 5.7) - Use of a shared and hard-coded cryptographic key
Successful exploitation of the aforementioned bugs could allow an attacker to gain unauthorized access to internal resources and even redirect potential victims to malicious websites.”
https://thehackernews.com/2022/05/sonicwall-releases-patches-for-new.html