Lucene search
SonicwallCVE-2024-22395HistoryFeb 24, 2024 - 12:15 a.m.
CVE-2024-22395
2024-02-2400:15:45
CWE-287
sonicwall
web.nvd.nist.gov
63
cve-2024-22395
sma100
ssl-vpn
access control
vulnerability
remote attacker
mfa
nvd
CVSS3
6.3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
AI Score
6
Confidence
High
EPSS
0
Percentile
9.0%
Improper access control vulnerability has been identified in the SMA100 SSL-VPN virtual office portal, which in specific conditions could potentially enable a remote authenticated attacker to associate another user’s MFA mobile application.
CNA Affected
[
{
"defaultStatus": "unknown",
"product": "SMA100",
"vendor": "SonicWall",
"versions": [
{
"status": "affected",
"version": "10.2.1.10-62sv and earlier versions"
}
]
}
]Related
nvd
nvd
CVE-2024-22395
2024-02-24 00:15:45
nessus
nessus
SonicWall Secure Mobile Access < 10.2.1.11-65sv (SNWLID-2024-0001)
2024-03-01 00:00:00
cvelist
cvelist
CVE-2024-22395
2024-02-23 23:37:06
vulnrichment
vulnrichment
CVE-2024-22395
2024-02-23 23:37:06
prion
prion
Improper access control
2024-02-24 00:15:00
CVSS3
6.3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
AI Score
6
Confidence
High
EPSS
0
Percentile
9.0%
Related for CVE-2024-22395