The SonicWall Product Security & Incident Response Team (PSIRT) has verified and patched the following vulnerabilities that impact Secure Mobile Access (SMA) 1000 series products (see product list and impacted firmware versions below).

  1. Unauthenticated access control bypass
  2. Use of hard-coded/shared cryptographic key
  3. URL redirection to an untrusted site (open redirection)

Important: There is no evidence that these vulnerabilities are being exploited in the wild.

Details for each patch can be found in PSIRT Advisory SNWLID-2022-0009.

Overview

  • Impacted Product(s): SMA 1000 Series (6200, 6210, 7200, 7210, 8200v)
  • Impacted Version(s): 12.4.0 and 12.4.1 including hot fixes
  • Fixed Version(s): 12.4.1-02994
  • Notes: Does not impact the following products
    • SMA 1000 series running versions earlier than 12.4.0
    • SMA 100 series
    • CMS
    • Remote access clients

SonicWall strongly urges that organizations using the SMA 1000 series products upgrade to the latest patch and follow the guidance below.

Impact

  1. Unauthenticated access control bypass
    Successful exploitation could lead to an attacker gaining access to an internal resource by crafting connections from an unauthenticated position.
  2. Use of hard-coded cryptographic key
    Successful exploitation could lead to an attacker gaining access to encrypted credentials.
  3. URL redirection to an untrusted site (open redirection)
    Successful exploitation could lead an attacker redirecting users to an untrusted site.

Temporary Mitigations

There are no temporary mitigations. SonicWall urges impacted customers to implement applicable patches as soon as possible.

Resolution

Impacted Platforms: SMA 1000 Series
SMA 6200, 6210, 7200, 7210, 8000v (ESX, KVM, Hyper-V, AWS, Azure)

Summary CVSS Score Impacted Firmware Fixed Firmware CVE ID
Unauthenticated access control bypass 8.2 (High) 12.4.0

12.4.1

 12.4.1-02994 CVE-2022-22282
Use of hard-coded cryptographic key 5.7 (Medium) 12.4.0

12.4.1

 12.4.1-02994 Pending release from Mitre
URL redirection to an untrusted site (open redirection) 6.1 (Medium) 12.4.0

12.4.1

 12.4.1-02994 Pending release from Mitre

Additional Resources

Related posts:

  1. SonicWall Product Notice: Unauthenticated Stack-based Buffer Overflow Vulnerability in SonicOS
  2. Take Back Control Of Your Network With Sonicwall’s Deeper Security
  3. Security Notice: SonicWall Analytics On-Prem SQL Injection Vulnerability
  4. Security Notice: SonicWall Global VPN Client DLL Search Order Hijacking via Application Installer