Lucene search

[email protected]CVE-2023-0126

HistoryJan 19, 2023 - 8:15 p.m.

CVE-2023-0126

2023-01-1920:15:10

CWE-22

[email protected]

web.nvd.nist.gov

cve-2023-0126

pre-authentication

path traversal

vulnerability

sma1000 firmware

12.4.2

nvd

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

7.5 High

AI Score

Confidence

High

0.291 Low

EPSS

Percentile

96.9%

JSON

Pre-authentication path traversal vulnerability in SMA1000 firmware version 12.4.2, which allows an unauthenticated attacker to access arbitrary files and directories stored outside the web root directory.

Affected configurations

NVD

Node

sonicwallsma1000Match-

AND

sonicwallsma1000_firmwareMatch12.4.2

CPENameOperatorVersion
sonicwall:sma1000_firmwaresonicwall sma1000 firmwareeq12.4.2

CPE	Name	Operator	Version
sonicwall:sma1000_firmware	sonicwall sma1000 firmware	eq	12.4.2

CNA Affected

[
  {
    "vendor": "SonicWall",
    "product": "SonicWall SMA1000",
    "versions": [
      {
        "version": "12.4.2",
        "status": "affected"
      }
    ]
  }
]

References

psirt.global.sonicwall.com/vuln-detail/SNWLID-2023-0001

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

7.5 High

AI Score

Confidence

High

0.291 Low

EPSS

Percentile

96.9%

JSON

Related for CVE-2023-0126

nuclei1 cvelist1 prion1 nvd1