SonicWall

SMA100 Post-Authentication Remote Command Execution Vulnerability

First Published:05/17/2022 Last Updated:05/17/2022

Improper neutralization of special elements in the SonicWall SSL-VPN SMA100 series management interface allows a remote authenticated attacker to inject OS Command as a 'root' user which potentially leads to remote command execution vulnerability or denial of service (DoS) attack.


NOTE: SMA 1000 series products are not affected by this vulnerability. 


AFFECTED PRODUCT(S)

  • SMA100 series firmware 10.2.1.4-31sv and earlier versions.
  • SMA100 series firmware 10.2.0.9-41sv and earlier versions.


CPE(S) WORKAROUND

None


FIXED SOFTWARE

  • SMA100 series firmware 10.2.1.5-34sv and higher versions.
  • SMA100 series firmware 10.2.0.10-46sv and higher versions.

Previous Alert
SonicWall POE Switch Chassis/Enclosure
Next Alert
Migration to Modern Authentication in Microsoft 365
Company
Popular resources

Stay In Touch

  • By submitting this form, you agree to our Terms of Use and acknowledge our Privacy Statement. You can unsubscribe at any time from the Preference Center.
  • Hidden
  • Hidden
  • Hidden
  • Hidden
  • Hidden
  • Hidden
  • Hidden
  • Hidden
  • Hidden
  • Hidden
  • Hidden
  • Hidden
  • Hidden
  • Hidden
  • Hidden
  • Hidden
  • Hidden
  • Hidden
  • Hidden
  • Hidden
  • Hidden
  • Hidden
  • Hidden
  • Hidden
  • Hidden
  • Hidden
  • Hidden
  • Hidden
  • Hidden
  • Hidden
  • Hidden
  • Hidden
  • Hidden
  • Hidden
  • Hidden
  • Hidden
  • Hidden
  • Hidden
  • Hidden
  • Hidden
  • Hidden
  • Hidden
  • Hidden
  • Hidden
  • Hidden
  • Hidden
  • Hidden
  • Hidden
  • Hidden
  • Hidden
  • Hidden
  • This field is for validation purposes and should be left unchanged.

© 2024 SonicWall. All Rights Reserved.