A SQL-Injection vulnerability in the SonicWall SSLVPN SMA100 product allows a remote unauthenticated attacker to perform SQL query to access username password and other session related information. This vulnerability impacts SMA100 build version 10.x.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HSonicwall Sma 100
HWSonicwallwszystkie wersjeSonicwall Sma 100 Firmware
OSSonicwall10.0.0.0 – 10.2.0.5-d-29sv (bez)Sonicwall Sma 200
HWSonicwallwszystkie wersjeSonicwall Sma 200 Firmware
OSSonicwallwszystkie wersjeSonicwall Sma 210
HWSonicwallwszystkie wersjeSonicwall Sma 210 Firmware
OSSonicwallwszystkie wersjeSonicwall Sma 400
HWSonicwallwszystkie wersjeSonicwall Sma 400 Firmware
OSSonicwallwszystkie wersjeSonicwall Sma 410
HWSonicwallwszystkie wersjeSonicwall Sma 410 Firmware
OSSonicwallwszystkie wersjeSonicwall Sma 500v
APPSonicwallwszystkie wersje
CISA KEV — detailsi
- Vendori
- SonicWall ↗
- Producti
- SSLVPN SMA100
- Added to KEVi
- November 3, 2021
- Remediation deadline (US Federal)i
- November 17, 2021(overdue)
- Ransomwarei
- Active ransomware campaigns exploit this vulnerability
Apply updates per vendor instructions.
SonicWall SSLVPN SMA100 contains a SQL injection vulnerability that allows remote exploitation for credential access by an unauthenticated attacker.
Related vulnerabilities
Apache HTTP Server mod_rewrite — ujawnienie kodu i RCE poprzez błędne escapowanie
A Stack-based buffer overflow vulnerability in SMA100 Apache httpd server's mod_cgi module environment variabl...
Improper neutralization of a SQL Command leading to SQL Injection vulnerability impacting end-of-life Secure R...
SonicWall SMA 100 — nieautoryzowany upload pliku prowadzący do RCE
Improper neutralization of Special Elements leading to OS Command Injection vulnerability impacting end-of-lif...