SonicWall SSL-VPN SMA100 version 10.X is affected by multiple vulnerabilities

Overview

• CVE-2023-44221: Post Authentication OS Command Injection Vulnerability (CVSS Score: 7.2)
  Improper neutralization of special elements in the SMA100 SSL-VPN management interface allows a remote authenticated attacker with administrative privilege to inject arbitrary commands as a 'nobody' user, potentially leading to OS Command Injection Vulnerability.
  Impact:Successfully leveraging CVE-2023-44221 against impacted SMA 100 devices can result in the post-authenticated remote attacker with administrative privilege being able to inject arbitrary commands which can potentially lead to OS command execution on the appliance.

• CVE-2023-5970 - Post Authentication External User MFA Bypass Vulnerability (CVSS Score: 6.3)
  Improper authentication in the SMA100 SSL-VPN virtual office portal allows a remote authenticated attacker to create an identical external domain user, resulting in an MFA bypass.
  Impact: Successfully leveraging CVE-2023-5970 against impacted SMA 100 devices can result in the post-authenticated remote attacker being able to bypass the SMA100 MFA feature which can potentially lead to access to the globally defined SSL-VPN portal bookmarks and resources in the appliance.

IMPORTANT: SonicWall is not aware of active exploitation in the wild. There have not been any reports of malicious use of this vulnerability reported to SonicWall.

Product Impact

Please review the table below to see if your SMA appliance is impacted. If your appliance is using an impacted firmware version, please follow the provided patch guidance.

Remediation

Related information

• SNWLID-2023-0018
• CVE-2023-44221, CVE-2023-5970
• PSIRT Portal
• How to upgrade firmware on SMA 100 Series appliances