CVE-2023-5970
https://notcve.org/view.php?id=CVE-2023-5970
Improper authentication in the SMA100 SSL-VPN virtual office portal allows a remote authenticated attacker to create an identical external domain user using accent characters, resulting in an MFA bypass. La autenticación incorrecta en el portal de oficina virtual SMA100 SSL-VPN permite que un atacante autenticado remoto cree un usuario de dominio externo idéntico utilizando caracteres acentuados, lo que resulta en una omisión de MFA. • https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2023-0018 • CWE-287: Improper Authentication •
CVE-2023-44221
https://notcve.org/view.php?id=CVE-2023-44221
Improper neutralization of special elements in the SMA100 SSL-VPN management interface allows a remote authenticated attacker with administrative privilege to inject arbitrary commands as a 'nobody' user, potentially leading to OS Command Injection Vulnerability. La neutralización inadecuada de elementos especiales en la interfaz de administración SMA100 SSL-VPN permite que un atacante remoto autenticado con privilegios administrativos inyecte comandos arbitrarios como un usuario "nobody", lo que podría provocar una vulnerabilidad de inyección de comandos del sistema operativo. • https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2023-0018 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVE-2022-47522
https://notcve.org/view.php?id=CVE-2022-47522
The IEEE 802.11 specifications through 802.11ax allow physically proximate attackers to intercept (possibly cleartext) target-destined frames by spoofing a target's MAC address, sending Power Save frames to the access point, and then sending other frames to the access point (such as authentication frames or re-association frames) to remove the target's original security context. This behavior occurs because the specifications do not require an access point to purge its transmit queue before removing a client's pairwise encryption key. • https://papers.mathyvanhoef.com/usenix2023-wifi.pdf https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2023-0006 https://www.freebsd.org/security/advisories/FreeBSD-SA-23:11.wifi.asc https://www.wi-fi.org/discover-wi-fi/passpoint • CWE-290: Authentication Bypass by Spoofing •
CVE-2023-0126
https://notcve.org/view.php?id=CVE-2023-0126
Pre-authentication path traversal vulnerability in SMA1000 firmware version 12.4.2, which allows an unauthenticated attacker to access arbitrary files and directories stored outside the web root directory. Vulnerabilidad de path traversal de autenticación previa en la versión 12.4.2 del firmware SMA1000, que permite a un atacante no autenticado acceder a archivos y directorios arbitrarios almacenados fuera del directorio raíz web. • https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2023-0001 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVE-2022-2915
https://notcve.org/view.php?id=CVE-2022-2915
A Heap-based Buffer Overflow vulnerability in the SonicWall SMA100 appliance allows a remote authenticated attacker to cause Denial of Service (DoS) on the appliance or potentially lead to code execution. This vulnerability impacts 10.2.1.5-34sv and earlier versions. Una vulnerabilidad de desbordamiento de búfer en la región Heap de la memoria en el dispositivo SonicWall SMA100 permite a un atacante remoto autenticado causar una Denegación de Servicio (DoS) en el dispositivo o conllevar potencialmente a una ejecución de código. Esta vulnerabilidad afecta a versiones 10.2.1.5-34sv y anteriores. • https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2022-0019 • CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write •