Lucene search
SonicwallCVELIST:CVE-2024-22395HistoryFeb 23, 2024 - 11:37 p.m.
CVE-2024-22395
2024-02-2323:37:06
CWE-287
sonicwall
www.cve.org
4
cve-2024-22395
access control
sma100 ssl-vpn
remote attacker
mfa
CVSS3
6.3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
AI Score
6.3
Confidence
High
EPSS
0
Percentile
9.0%
Improper access control vulnerability has been identified in the SMA100 SSL-VPN virtual office portal, which in specific conditions could potentially enable a remote authenticated attacker to associate another user’s MFA mobile application.
CNA Affected
[
{
"defaultStatus": "unknown",
"product": "SMA100",
"vendor": "SonicWall",
"versions": [
{
"status": "affected",
"version": "10.2.1.10-62sv and earlier versions"
}
]
}
]Related
nvd
nvd
CVE-2024-22395
2024-02-24 00:15:45
cve
cve
CVE-2024-22395
2024-02-24 00:15:45
nessus
nessus
SonicWall Secure Mobile Access < 10.2.1.11-65sv (SNWLID-2024-0001)
2024-03-01 00:00:00
vulnrichment
vulnrichment
CVE-2024-22395
2024-02-23 23:37:06
prion
prion
Improper access control
2024-02-24 00:15:00
CVSS3
6.3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
AI Score
6.3
Confidence
High
EPSS
0
Percentile
9.0%
Related for CVELIST:CVE-2024-22395