Are SMA 100 series appliances vulnerable to jQuery vulnerabilities?

Description

Are SRA / SMA 100 series appliances vulnerable to CVE-2011-4969 , CVE-2012-6708 and CVE-2015-9251?

Cause

CVE-2011-4969: XSS vulnerability in jQuery before 1.6.3, when using location.hash elements, allows remote attackers to inject arbitrary web script or HTML via a crafted tag.

CVE-2012-6708: jQuery before 1.9.0 is vulnerable to XSS attacks.

CVE-2015-9251: jQuery before 3.0.0 is vulnerable to XSS attacks when a cross-domain Ajax request is performed without the dateType option, causing text/javascript responses to be executed.

Resolution

Our SMA 100 series appliances uses jQuery 1.4.2 patched and has mechanisms to prevent XSS attack. So, it is confirmed that our SMA 100 series appliances are not vulnerable.

NOTE: jQuery patch was included from 8.1.0.4 and 8.5.0.1 onwards. Refer: SMB SSL-VPN - Does the jQuery vulnerability (CVE-2011-4969) affects SRA/SMA devices?

 

Related Articles

  • How to Provision SMA1000 in Monthly Billing (MSSP Program)
    Read More
  • SMA 1000 Series Support Matrix
    Read More
  • How to Configure SAML 2.0 SSO with Microsoft Entra ID for SonicWall SMA 1000 Series
    Read More

Categories

Secure Mobile Access
SMA 100 Series
Vulnerabilities
not finding your answers?
Ask the Community
Chat