logo
DATABASE RESOURCES PRICING ABOUT US

SonicWall Secure Mobile Access (SMA) 12.4.x < 12.4.1-02994 Multiple Vulnerabilities (SNWLID-2022-0009)

Description

The remote host is a SonicWall Secure Mobile Access (SMA) device that may be affected by multiple vulnerabilities: - SonicWall SMA1000 series firmware 12.4.0, 12.4.1-02965 and earlier versions uses a shared and hard-coded encryption key to store data. (CVE-2022-1701) - SonicWall SMA1000 series firmware 12.4.0, 12.4.1-02965 and earlier versions accept a user-controlled input that specifies a link to an external site and uses that link in a redirect which leads to Open redirection vulnerability. (CVE-2022-1702) - SonicWall SMA1000 series firmware 12.4.0, 12.4.1-02965 and earlier versions incorrectly restricts access to a resource using HTTP connections from an unauthorized actor leading to Improper Access Control vulnerability. (CVE-2022-22282) Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.


Related