Alain Mowat

**Name of the Vulnerable Software and Affected Versions** SonicWall SMA100 SSLVPN firmware versions 10.2.1.13-72sv and earlier **Description** A vulnerability in the SonicWall SMA100 SSLVPN firmware allows a remote authenticated attacker to circumvent the certificate requirement during authentication. This issue enables a remote attacker to bypass authentication. **Recommendations** For SonicWall SMA100 SSLVPN firmware versions 10.2.1.13-72sv and earlier, update to a version that includes a fix for this issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** SonicWall SMA100 SSLVPN versions 10.2.1.13-72sv and earlier **Description** A problem in the mod httprp library loaded by the Apache web server allows remote attackers to cause a stack-based buffer overflow, potentially leading to code execution. This issue affects the SonicWall SMA100 SSLVPN firmware. **Recommendations** For versions 10.2.1.13-72sv and earlier, update to a newer version that contains a fix for this issue. As a temporary workaround, consider restricting access to the mod httprp library until a patch is available.

Name of the Vulnerable Software and Affected Versions: SonicWall SMA100 series (affected versions not specified) Description: The issue is related to the use of a cryptographically weak pseudo-random number generator (PRNG) in the SonicWall SMA100 SSLVPN backup code generator. This weakness can be exploited by a remote attacker to potentially expose protected information. The PRNG's predictability in certain cases allows an attacker to possibly uncover the generated secret. Recommendations: For SonicWall SMA100 series, consider disabling the use of the PRNG in the SSLVPN backup code generator until a patch or fix is available. As a temporary workaround, restrict access to the SSLVPN backup code generator to minimize the risk of exploitation. Avoid using the SSLVPN backup code generator until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: SonicWall SMA100 SSLVPN (affected versions not specified) Description: A vulnerability in the SonicWall SMA100 SSLVPN web management interface allows remote attackers to cause a stack-based buffer overflow, potentially leading to code execution. The issue is related to a buffer overflow in dynamic memory, which can be exploited by a remote attacker to execute arbitrary code. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: SonicWall SMA100 SSLVPN versions prior to 10.2.1.13-72sv Description: The issue is related to a heap-based buffer overflow vulnerability in the SonicWall SMA100 SSLVPN, caused by the use of `strcpy`. This allows remote authenticated attackers to cause a heap-based buffer overflow, potentially leading to code execution. The vulnerability can be exploited by remote attackers, allowing them to execute arbitrary code. Recommendations: For SonicWall SMA100 SSLVPN versions prior to 10.2.1.13-72sv, upgrade the affected components immediately to mitigate the risk. As a temporary workaround, consider restricting access to the vulnerable `strcpy` function until a patch is available.