Improper authentication in the SMA100 SSL-VPN virtual office portal allows a remote authenticated attacker to create an identical external domain user using accent characters, resulting in an MFA bypass.
References
| Link | Resource |
|---|---|
| https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2023-0018 | Vendor Advisory |
Configurations
Configuration 1 (hide)
| AND |
|
Configuration 2 (hide)
| AND |
|
Configuration 3 (hide)
| AND |
|
Configuration 4 (hide)
| AND |
|
Configuration 5 (hide)
| AND |
|
History
13 Dec 2023, 15:32
| Type | Values Removed | Values Added |
|---|---|---|
| First Time |
Sonicwall sma 200
Sonicwall Sonicwall sma 500v Sonicwall sma 210 Firmware Sonicwall sma 410 Firmware Sonicwall sma 410 Sonicwall sma 400 Sonicwall sma 200 Firmware Sonicwall sma 400 Firmware Sonicwall sma 500v Firmware Sonicwall sma 210 |
|
| References | () https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2023-0018 - Vendor Advisory | |
| CVSS |
v2 : v3 : |
v2 : unknown
v3 : 8.8 |
| CPE | cpe:2.3:h:sonicwall:sma_500v:-:*:*:*:*:*:*:* cpe:2.3:h:sonicwall:sma_210:-:*:*:*:*:*:*:* cpe:2.3:o:sonicwall:sma_400_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:sonicwall:sma_500v_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:sonicwall:sma_410_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:sonicwall:sma_400:-:*:*:*:*:*:*:* cpe:2.3:h:sonicwall:sma_200:-:*:*:*:*:*:*:* cpe:2.3:o:sonicwall:sma_210_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:sonicwall:sma_410:-:*:*:*:*:*:*:* cpe:2.3:o:sonicwall:sma_200_firmware:*:*:*:*:*:*:*:* |
05 Dec 2023, 21:15
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE |
Information
Published : 2023-12-05 21:15
Updated : 2023-12-13 15:32
NVD link : CVE-2023-5970
Mitre link : CVE-2023-5970
CVE.ORG link : CVE-2023-5970
JSON object : View
Products Affected
sonicwall
- sma_210
- sma_410
- sma_500v_firmware
- sma_500v
- sma_210_firmware
- sma_200
- sma_410_firmware
- sma_400
- sma_400_firmware
- sma_200_firmware
CWE
CWE-287
Improper Authentication