SSRF Vulnerability in SMA1000 Appliance Firmware Could Lead to Unintended IP Address Requests
CVE-2024-45317
7.5 HIGH
Summary
A vulnerability in the SMA1000 appliance firmware allows an unauthenticated remote attacker to abuse a server-side component. This Server-Side Request Forgery (SSRF) flaw lets the attacker induce the SMA1000 device to make unintended requests to arbitrary IP addresses, potentially exposing sensitive information or enabling further compromise of the internal network.
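The defensive control for this vulnerability class is destination validation: a server-side fetch should only ever reach an allow-listed hostname whose resolved addresses are all public, never an attacker-chosen IP address, loopback, link-local or other internal range. The following is an added example written for this page; it is generic illustration code, not SonicWall's SMA1000 firmware or the vendor's fix. The allow-list, the static resolver table and every address in it are constructed so the example runs offline.

```python
# Added illustration: validating the destination of a server-side HTTP fetch
# before it is made. Generic example code, NOT SonicWall code or the vendor fix.
import ipaddress
from typing import Callable, List, Tuple
from urllib.parse import urlsplit

# Constructed allow-list: the only hostnames this component should ever contact.
ALLOWED_HOSTS = frozenset({"api.example.com", "cdn.example.com"})

# Constructed DNS answers so the example runs offline. cdn.example.com is set up
# to return a loopback address alongside a public one (a rebinding-style answer)
# to show that every resolved address must pass the check, not just the first.
FAKE_DNS = {
    "api.example.com": ["23.45.67.89"],
    "cdn.example.com": ["23.45.67.90", "127.0.0.1"],
}


def resolve_static(host: str) -> List[str]:
    """Stand-in resolver. A real deployment would resolve once and then connect
    to the vetted address itself, so the check and the connection cannot diverge."""
    return FAKE_DNS.get(host, [])


def is_forbidden_address(ip: str) -> bool:
    """True if a server-side fetch must never reach this address: anything that is
    not globally routable (loopback, RFC 1918, link-local, reserved, documentation
    and shared address space) plus multicast."""
    addr = ipaddress.ip_address(ip)
    if addr.version == 6 and addr.ipv4_mapped is not None:
        addr = addr.ipv4_mapped          # ::ffff:127.0.0.1 is really 127.0.0.1
    return (not addr.is_global) or addr.is_multicast


def check_destination(
    url: str,
    resolver: Callable[[str], List[str]] = resolve_static,
    allowed_hosts=ALLOWED_HOSTS,
) -> Tuple[bool, str]:
    """Return (allowed, reason) for a URL the server has been asked to fetch."""
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https"):
        return False, f"scheme {parts.scheme!r} not permitted"
    # "https://trusted@127.0.0.1/" parses with hostname 127.0.0.1; reject userinfo
    # outright rather than rely on every caller reading the URL the same way.
    if parts.username is not None or parts.password is not None:
        return False, "userinfo in URL not permitted"
    host = parts.hostname
    if not host:
        return False, "no host in URL"

    try:
        ipaddress.ip_address(host)
        is_literal = True
    except ValueError:
        is_literal = False

    if is_literal:
        addresses = [host]
    else:
        # Check the allow-list before resolving, so untrusted names never trigger
        # a DNS lookup from the appliance.
        if host not in allowed_hosts:
            return False, f"host {host!r} not in allow-list"
        addresses = resolver(host)
        if not addresses:
            return False, f"host {host!r} did not resolve"

    for ip in addresses:
        if is_forbidden_address(ip):
            return False, f"host {host!r} resolves to forbidden address {ip}"
    if is_literal and host not in allowed_hosts:
        return False, f"IP literal {host!r} not in allow-list"
    return True, f"ok: {host} -> {', '.join(addresses)}"


if __name__ == "__main__":
    for candidate in (
        "https://api.example.com/v1/status",
        "http://127.0.0.1/",
        "http://[::ffff:127.0.0.1]/",
        "https://api.example.com@127.0.0.1/",
        "https://cdn.example.com/",
        "https://evil.example.net/",
        "ftp://api.example.com/",
    ):
        allowed, reason = check_destination(candidate)
        print(f"{'ALLOW' if allowed else 'DENY ':5} {candidate:40} {reason}")
```

The order of checks matters: the allow-list is consulted before any name resolution, every address returned for a name is vetted rather than only the first, and IPv4-mapped IPv6 literals are unwrapped before classification, since those are the usual ways a naive "is it private?" check is bypassed. For the vulnerability above, the appliance-side fix is the vendor's firmware update; this example only illustrates the control that prevents the SSRF class in code you maintain yourself.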
Affected Version(s)
SMA1000 Linux 12.4.3-02676 and earlier versions
References
CVSS V3.1
Score: 7.5
Severity: HIGH
Confidentiality: High
Integrity: None
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Timeline
Vulnerability published
Vulnerability Reserved
Credit
Wenjie Zhong (H4lo) of Webin DBappSecurity Co., Ltd.