WXA Console Jail Escape and Privilege Escalation Vulnerability
12/20/2019 485 9778
On Tuesday, October 24, 2017, KoreLogic disclosed a vulnerability one of its researchers identified in version 1.3.2-10-30 of the SonicWall WAN Acceleration Appliance (WXA) software. The vulnerability occurs when accessing the appliance console via a serial cable or VMware/Hyper-V VM console. Entering crafted data into the text fields may provide privileged shell access to the appliance operating system. The appliance console on the WXA 500/WXA 2000/WXA 4000/WXA 6000 is only available through physical access to the appliance or by having access credentials to the VMware/Hyper-V environment (WXA 5000).