SonicWall has published an advisory warning of a trio of security flaws in its Secure Mobile Access (SMA) 1000 appliances, including a high-severity authentication bypass vulnerability.
The weaknesses in question affect SMA 6200, 6210, 7200, 7210, and 8000v running firmware versions 12.4.0 and 12.4.1. The list of vulnerabilities is below:
- CVE-2022-22282 (CVSS score: 8.2) – Unauthenticated Access Control Bypass
- CVE-2022-1702 (CVSS score: 6.1) – URL redirection to an untrusted site (open redirection)
- CVE-2022-1701 (CVSS score: 5.7) – Use of a shared and hard-coded cryptographic key
Successful exploitation of the aforementioned bugs could allow an attacker to gain unauthorized access to internal resources and even redirect potential victims to malicious websites.
Tom Wyatt of the Mimecast Offensive Security Team has been credited with discovering and reporting the vulnerabilities.
SonicWall noted that the flaws do not affect SMA 1000 series running versions earlier than 12.4.0, SMA 100 series, Central Management Servers (CMS), and remote access clients.
Although there is no evidence that these vulnerabilities are being exploited in the wild, it is recommended that users apply the fixes in light of the fact that SonicWall appliances have presented an attractive bullseye in the past for ransomware attacks.
“There are no temporary mitigations,” the network security company said. “SonicWall urges impacted customers to implement applicable patches as soon as possible.”