Product Notice: SMA 1000 affected by multiple vulnerabilities
Overview
- CVE-2026-4112: Privilege Escalation via SQL Injection – CVSS Score: 7.2 (High)
- CVE-2026-4113: Authentication Response Discrepancy Allows User Credential Enumeration – CVSS Score: 5.3 (Medium)
- CVE-2026-4114: Unicode Possible AMC TOTP Bypass Vulnerability – CVSS Score: 6.6 (Medium)
- CVE-2026-4116: Unicode Possible Workplace/Connect Tunnel TOTP Bypass Vulnerability – CVSS Score: 6.0 (Medium)
IMPORTANT: SonicWall is not aware of active exploitation in the wild. There have not been any reports of malicious use of this vulnerability reported to SonicWall.
This vulnerability is unrelated to any other reported vulnerability on SonicOS SSL VPN or SMA 100 products.
Product Impact
Please review the table below to see the products and their versions that are impacted:
|
Impacted Product(s) |
Impacted Versions |
|
SMA 1000 (6210, 7210, 8200v & CMS – all hypervisors) |
12.4.3-03245 and earlier versions 12.5.0-02283 and earlier versions |
Remediation
|
Impacted Product(s) |
Impacted Versions |
Fixed Version |
|
SMA 1000 (6210, 7210, 8200v & CMS – all hypervisors) |
12.4.3-03245 and earlier versions 12.5.0-02283 and earlier versions |
12.4.3-03370 and higher versions 12.5.0-02576 and higher versions |
SonicWall strongly advises Secure Mobile Access customers to upgrade to the latest release version.
Related information
- Previous AlertProduct Notice: Improper Access Control Vulnerability in SonicOSRead More
