CVE-2023-44221

Name of the Vulnerable Software and Affected Versions SonicWall SMA100 versions prior to 10.2.1.10-62sv

Description The issue is related to the improper neutralization of special elements in the SMA100 SSL-VPN management interface, allowing a remote authenticated attacker with administrative privilege to inject arbitrary commands as a 'nobody' user. This could lead to OS Command Injection. The vulnerability has been actively exploited to compromise SonicWall SMA gateways, exposing the SQLite file with active session tokens. Successful exploitation does not require authentication in some cases, such as with the Apache HTTP Server vulnerability. The estimated number of potentially affected devices worldwide is not specified.

Recommendations For SonicWall SMA100 versions prior to 10.2.1.10-62sv, update to version 10.2.1.10-62sv or later to resolve the issue. As a temporary workaround, consider disabling administrative access to the SMA100 SSL-VPN management interface until a patch is applied. Restrict access to the vulnerable SMA100 SSL-VPN management interface to minimize the risk of exploitation.