PT-2022-2958 · Sonicwall · Sonicwall Sma1000

Published

2022-05-12

Updated

2022-10-14

CVE-2022-1701

CVSS v3.1

7.5

High

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions SonicWall SMA1000 series firmware versions 12.4.0, 12.4.1-02965 and earlier

Description The issue is related to the use of a shared and hard-coded encryption key to store data. This could allow an attacker to disclose protected information.

Recommendations For SonicWall SMA1000 series firmware versions 12.4.0, 12.4.1-02965 and earlier, consider updating to a version that does not use a shared and hard-coded encryption key, however, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

Using Hardcoded Credentials

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-321CWE-798

Related Identifiers

BDU:2022-03568

CVE-2022-1701

Affected Products

Sonicwall Sma1000

PT-2022-2958 · Sonicwall · Sonicwall Sma1000

CVE-2022-1701

Weakness Enumeration

Related Identifiers

Affected Products

References · 7