Security Notice: SMA 1000 Series Unauthenticated Access Control Bypass

First Published:05/10/2022 Last Updated:05/13/2022

The SonicWall Product Security & Incident Response Team (PSIRT) has verified and patched the following vulnerabilities that impact Secure Mobile Access (SMA) 1000 series products (see product list and impacted firmware versions below).

  1. Unauthenticated access control bypass
  2. Use of hard-coded/shared cryptographic key
  3. URL redirection to an untrusted site (open redirection)

Important: There is no evidence that these vulnerabilities are being exploited in the wild.

Details for each patch can be found in PSIRT Advisory SNWLID-2022-0009.

Overview

  • Impacted Product(s): SMA 1000 Series (6200, 6210, 7200, 7210, 8200v) 
  • Impacted Version(s): 12.4.0 and 12.4.1 including hot fixes
  • Fixed Version(s): 12.4.1-02994
  • Notes: Does not impact the following products
    • SMA 1000 series running versions earlier than 12.4.0
    • SMA 100 series
    • CMS
    • Remote access clients

SonicWall strongly urges that organizations using the SMA 1000 series products upgrade to the latest patch and follow the guidance below.

Impact

  1. Unauthenticated access control bypass
    Successful exploitation could lead to an attacker gaining access to an internal resource by crafting connections from an unauthenticated position.
  2. Use of hard-coded cryptographic key
    Successful exploitation could lead to an attacker gaining access to encrypted credentials.
  3. URL redirection to an untrusted site (open redirection)
    Successful exploitation could lead an attacker redirecting users to an untrusted site.

Temporary Mitigations

There are no temporary mitigations. SonicWall urges impacted customers to implement applicable patches as soon as possible. 

Resolution

Impacted Platforms: SMA 1000 Series
SMA 6200, 6210, 7200, 7210, 8000v (ESX, KVM, Hyper-V, AWS, Azure)

SummaryCVSS ScoreImpacted FirmwareFixed FirmwareCVE ID

Unauthenticated access control bypass

8.2 (High)

12.4.0

12.4.1

12.4.1-02994

CVE-2022-22282

Use of hard-coded cryptographic key

5.7 (Medium)

12.4.0

12.4.1

12.4.1-02994

CVE-2022-1701

URL redirection to an untrusted site (open redirection)

6.1 (Medium)

12.4.0

12.4.1

12.4.1-02994

CVE-2022-1702


Additional Resources

Trace:bc25ceab620983726ed9b9f9e3bc8474-80