SonicWall Releases Patches for New Flaws Affecting SSLVPN SMA1000 Devices

News

SonicWall has published an advisory warning of a trio of security flaws in its Secure Mobile Access (SMA) 1000 appliances, including a high-severity authentication bypass vulnerability.

The weaknesses in question impact SMA 6200, 6210, 7200, 7210, 8000v running firmware versions 12.4.0 and 12.4.1. The list of vulnerabilities is below –

  • CVE-2022-22282 (CVSS score: 8.2) – Unauthenticated Access Control Bypass
  • CVE-2022-1702 (CVSS score: 6.1) – URL redirection to an untrusted site (open redirection)
  • CVE-2022-1701 (CVSS score: 5.7) – Use of a shared and hard-coded cryptographic key

Successful exploitation of the aforementioned bugs could allow an attacker to unauthorized access to internal resources and even redirect potential victims to malicious websites.

CyberSecurity

Tom Wyatt of the Mimecast Offensive Security Team has been credited with discovering and reporting the vulnerabilities.

SonicWall noted that the flaws do not affect SMA 1000 series running versions earlier than 12.4.0, SMA 100 series, Central Management Servers (CMS), and remote access clients.

SonicWall

Although there is no evidence that these vulnerabilities are being exploited in the wild, it’s recommended that users apply the fixes in the light of the fact that SonicWall appliances have presented an attractive bullseye in the past for ransomware attacks.

“There are no temporary mitigations,” the network security company said. “SonicWall urges impacted customers to implement applicable patches as soon as possible.”

Products You May Like

Articles You May Like

Ghost Tap: Hackers Exploiting NFCGate to Steal Funds via Mobile Payments
Microsoft Seizes 240 Websites to Disrupt Global Distribution of Phish Kits
Fake Donald Trump Assassination Story Used in Phishing Scam
BianLian Ransomware Group Adopts New Tactics, Posing Significant Risk
Palo Alto Networks Patches Critical Firewall Vulnerability

Leave a Reply

Your email address will not be published. Required fields are marked *