Authentication flaw

2023-12-0521:15:00

PRIOn knowledge base

www.prio-n.com

authentication flaw

sma100

ssl-vpn

mfa bypass

improper authentication

7.1 High

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

38.0%

JSON

Improper authentication in the SMA100 SSL-VPN virtual office portal allows a remote authenticated attacker to create an identical external domain user using accent characters, resulting in an MFA bypass.

CPENameOperatorVersion
sma_200_firmwareeq<= 10.2.1.9-57sv
sma_210_firmwareeq<= 10.2.1.9-57sv
sma_400_firmwareeq<= 10.2.1.9-57sv
sma_410_firmwareeq<= 10.2.1.9-57sv
sma_500v_firmwareeq<= 10.2.1.9-57sv

Name	Operator	Version
sma_200_firmware	eq	<= 10.2.1.9-57sv
sma_210_firmware	eq	<= 10.2.1.9-57sv
sma_400_firmware	eq	<= 10.2.1.9-57sv
sma_410_firmware	eq	<= 10.2.1.9-57sv
sma_500v_firmware	eq	<= 10.2.1.9-57sv

References

psirt.global.sonicwall.com/vuln-detail/SNWLID-2023-0018