OS Command Injection Vulnerability in SMA100 SSL-VPN by SonicWall
CVE-2023-44221
7.2 HIGH
Summary
An OS command injection vulnerability exists in the management interface of SonicWall's SMA100 SSL-VPN. The issue arises from improper handling of special elements, which allows an authenticated attacker with administrative privileges to execute arbitrary commands as the 'nobody' user. This can potentially compromise the security of the underlying operating system, giving access to sensitive information or allowing further system misconfiguration.
Affected Version(s)
SMA100 SMA 200 10.2.1.9-57sv and earlier versions
CVSS V3.1
Score: 7.2
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: High
User Interaction: None
Scope: Unchanged
Timeline
Vulnerability published
Vulnerability Reserved