CVE-2023-44221
SonicWall SMA100 Appliances OS Command Injection Vulnerability
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
YesDecision
Descriptions
Improper neutralization of special elements in the SMA100 SSL-VPN management interface allows a remote authenticated attacker with administrative privilege to inject arbitrary commands as a 'nobody' user, potentially leading to OS Command Injection Vulnerability.
La neutralización inadecuada de elementos especiales en la interfaz de administración SMA100 SSL-VPN permite que un atacante remoto autenticado con privilegios administrativos inyecte comandos arbitrarios como un usuario "nobody", lo que podría provocar una vulnerabilidad de inyección de comandos del sistema operativo.
SonicWall SMA100 appliances contain an OS command injection vulnerability in the SSL-VPN management interface that allows a remote, authenticated attacker with administrative privilege to inject arbitrary commands as a 'nobody' user.
CVSS Scores
SSVC
- Decision:Act
Timeline
- 2023-09-26 CVE Reserved
- 2023-12-05 CVE Published
- 2025-05-01 Exploited in Wild
- 2025-05-02 CVE Updated
- 2025-05-22 KEV Due Date
- 2025-07-01 EPSS Updated
- ---------- First Exploit
CWE
- CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CAPEC
References (1)
| URL | Tag | Source |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2023-0018 | 2023-12-13 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Sonicwall Search vendor "Sonicwall" | Sma 200 Firmware Search vendor "Sonicwall" for product "Sma 200 Firmware" | <= 10.2.1.9-57sv Search vendor "Sonicwall" for product "Sma 200 Firmware" and version " <= 10.2.1.9-57sv" | - |
Affected
| in | Sonicwall Search vendor "Sonicwall" | Sma 200 Search vendor "Sonicwall" for product "Sma 200" | - | - |
Safe
|
| Sonicwall Search vendor "Sonicwall" | Sma 210 Firmware Search vendor "Sonicwall" for product "Sma 210 Firmware" | <= 10.2.1.9-57sv Search vendor "Sonicwall" for product "Sma 210 Firmware" and version " <= 10.2.1.9-57sv" | - |
Affected
| in | Sonicwall Search vendor "Sonicwall" | Sma 210 Search vendor "Sonicwall" for product "Sma 210" | - | - |
Safe
|
| Sonicwall Search vendor "Sonicwall" | Sma 400 Firmware Search vendor "Sonicwall" for product "Sma 400 Firmware" | <= 10.2.1.9-57sv Search vendor "Sonicwall" for product "Sma 400 Firmware" and version " <= 10.2.1.9-57sv" | - |
Affected
| in | Sonicwall Search vendor "Sonicwall" | Sma 400 Search vendor "Sonicwall" for product "Sma 400" | - | - |
Safe
|
| Sonicwall Search vendor "Sonicwall" | Sma 410 Firmware Search vendor "Sonicwall" for product "Sma 410 Firmware" | <= 10.2.1.9-57sv Search vendor "Sonicwall" for product "Sma 410 Firmware" and version " <= 10.2.1.9-57sv" | - |
Affected
| in | Sonicwall Search vendor "Sonicwall" | Sma 410 Search vendor "Sonicwall" for product "Sma 410" | - | - |
Safe
|
| Sonicwall Search vendor "Sonicwall" | Sma 500v Firmware Search vendor "Sonicwall" for product "Sma 500v Firmware" | <= 10.2.1.9-57sv Search vendor "Sonicwall" for product "Sma 500v Firmware" and version " <= 10.2.1.9-57sv" | - |
Affected
| in | Sonicwall Search vendor "Sonicwall" | Sma 500v Search vendor "Sonicwall" for product "Sma 500v" | - | - |
Safe
|