CVE-2023-44221

2023-12-0520:10:35

CWE-78

sonicwall

www.cve.org

cve-2023-44221

sma100

remote attacker

administrative privilege

os command injection

AI Score

7.4

Confidence

High

EPSS

0.001

Percentile

32.8%

JSON

Improper neutralization of special elements in the SMA100 SSL-VPN management interface allows a remote authenticated attacker with administrative privilege to inject arbitrary commands as a ‘nobody’ user, potentially leading to OS Command Injection Vulnerability.

CNA Affected

[
  {
    "defaultStatus": "unknown",
    "platforms": [
      "SMA 200",
      "SMA 210",
      "SMA 400",
      "SMA 410",
      "SMA 500v"
    ],
    "product": "SMA100",
    "vendor": "SonicWall",
    "versions": [
      {
        "status": "affected",
        "version": "10.2.1.9-57sv and earlier versions"
      }
    ]
  }
]

References

psirt.global.sonicwall.com/vuln-detail/SNWLID-2023-0018