Improper authentication in the SMA100 SSL-VPN virtual office portal allows a remote authenticated attacker to create an identical external domain user using accent characters, resulting in an MFA bypass.
References
| Link | Resource |
|---|---|
| https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2023-0018 | Vendor Advisory |
Configurations
Configuration 1 (hide)
| AND |
|
Configuration 2 (hide)
| AND |
|
Configuration 3 (hide)
| AND |
|
Configuration 4 (hide)
| AND |
|
Configuration 5 (hide)
| AND |
|
History
13 Dec 2023, 15:32
| Type | Values Removed | Values Added |
|---|---|---|
| CPE | cpe:2.3:h:sonicwall:sma_200:-:*:*:*:*:*:*:* cpe:2.3:o:sonicwall:sma_500v_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:sonicwall:sma_400_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:sonicwall:sma_200_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:sonicwall:sma_400:-:*:*:*:*:*:*:* cpe:2.3:h:sonicwall:sma_210:-:*:*:*:*:*:*:* cpe:2.3:o:sonicwall:sma_210_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:sonicwall:sma_500v:-:*:*:*:*:*:*:* cpe:2.3:h:sonicwall:sma_410:-:*:*:*:*:*:*:* cpe:2.3:o:sonicwall:sma_410_firmware:*:*:*:*:*:*:*:* |
|
| References | () https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2023-0018 - Vendor Advisory | |
| CVSS |
v2 : v3 : |
v2 : unknown
v3 : 8.8 |
| CWE | CWE-287 | |
| First Time |
Sonicwall sma 210 Firmware
Sonicwall sma 500v Sonicwall sma 200 Firmware Sonicwall sma 410 Firmware Sonicwall sma 400 Firmware Sonicwall sma 200 Sonicwall sma 400 Sonicwall sma 210 Sonicwall sma 410 Sonicwall Sonicwall sma 500v Firmware |
05 Dec 2023, 21:15
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE |
Information
Published : 2023-12-05 21:15
Updated : 2024-02-28 20:54
NVD link : CVE-2023-5970
Mitre link : CVE-2023-5970
CVE.ORG link : CVE-2023-5970
JSON object : View
Products Affected
sonicwall
- sma_410
- sma_210
- sma_410_firmware
- sma_200
- sma_210_firmware
- sma_400
- sma_200_firmware
- sma_400_firmware
- sma_500v
- sma_500v_firmware
CWE
CWE-287
Improper Authentication