Improper neutralization of special elements in the SMA100 SSL-VPN management interface allows a remote authenticated attacker with administrative privilege to inject arbitrary commands as a 'nobody' user, potentially leading to OS Command Injection Vulnerability.
References
Link | Resource |
---|---|
https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2023-0018 | Vendor Advisory |
Configurations
Configuration 1 (hide)
AND |
|
Configuration 2 (hide)
AND |
|
Configuration 3 (hide)
AND |
|
Configuration 4 (hide)
AND |
|
Configuration 5 (hide)
AND |
|
History
13 Dec 2023, 15:33
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:h:sonicwall:sma_500v:-:*:*:*:*:*:*:* cpe:2.3:h:sonicwall:sma_210:-:*:*:*:*:*:*:* cpe:2.3:o:sonicwall:sma_400_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:sonicwall:sma_500v_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:sonicwall:sma_410_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:sonicwall:sma_400:-:*:*:*:*:*:*:* cpe:2.3:h:sonicwall:sma_200:-:*:*:*:*:*:*:* cpe:2.3:o:sonicwall:sma_210_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:sonicwall:sma_410:-:*:*:*:*:*:*:* cpe:2.3:o:sonicwall:sma_200_firmware:*:*:*:*:*:*:*:* |
|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 7.2 |
References | () https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2023-0018 - Vendor Advisory | |
First Time |
Sonicwall sma 200
Sonicwall Sonicwall sma 500v Sonicwall sma 210 Firmware Sonicwall sma 410 Firmware Sonicwall sma 410 Sonicwall sma 400 Sonicwall sma 200 Firmware Sonicwall sma 400 Firmware Sonicwall sma 500v Firmware Sonicwall sma 210 |
05 Dec 2023, 21:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-12-05 21:15
Updated : 2023-12-13 15:33
NVD link : CVE-2023-44221
Mitre link : CVE-2023-44221
CVE.ORG link : CVE-2023-44221
JSON object : View
Products Affected
sonicwall
- sma_500v
- sma_410_firmware
- sma_410
- sma_210
- sma_210_firmware
- sma_400_firmware
- sma_500v_firmware
- sma_200_firmware
- sma_400
- sma_200
CWE
CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')