SonicWall Releases Patches for New Flaws Affecting SSLVPN SMA1000 Devices



SonicWall has published an advisory warning of a trio of security flaws in its Secure Mobile Access (SMA) 1000 appliances, including a high-severity authentication bypass vulnerability.

The weaknesses in question impact SMA 6200, 6210, 7200, 7210, and 8000v appliances running firmware versions 12.4.0 and 12.4.1. The list of vulnerabilities is below -

  • CVE-2022-22282 (CVSS score: 8.2) - Unauthenticated Access Control Bypass
  • CVE-2022-1702 (CVSS score: 6.1) - URL redirection to an untrusted site (open redirection)
  • CVE-2022-1701 (CVSS score: 5.7) - Use of a shared and hard-coded cryptographic key

Successful exploitation of the aforementioned bugs could allow an attacker to gain unauthorized access to internal resources and even redirect potential victims to malicious websites.


Tom Wyatt of the Mimecast Offensive Security Team has been credited with discovering and reporting the vulnerabilities.

SonicWall noted that the flaws do not affect SMA 1000 series running versions earlier than 12.4.0, SMA 100 series, Central Management Servers (CMS), and remote access clients.


Although there is no evidence that these vulnerabilities are being exploited in the wild, it's recommended that users apply the fixes in light of the fact that SonicWall appliances have presented an attractive target in the past for ransomware attacks.

"There are no temporary mitigations," the network security company said. "SonicWall urges impacted customers to implement applicable patches as soon as possible."
