SonicWall SMA 1000 series vulnerabilities

Overview

SonicWall Product Security & Incident Response Team (PSIRT) has released fixes for some issues with their Secure Mobile Access (SMA) 1000 series appliances. Of these, the one with the highest severity (CVSS 8.2) is an authentication bypass vulnerability (CVE-2022-22282). When chained together, the exploits would allow a remote attacker to connect to the device and recover encrypted data.

Impact

An unauthenticated attacker could bypass access controls. A hard-coded encryption key would allow a user with access to the device to decrypt sensitive data. An open redirect would make it easier to create malicious links and bypass some anti-phishing mechanisms.

Affected Products

SMA 1000 Series (6200, 6210, 7200, 7210, 8200v)

Containment, Mitigations & Remediations

SonicWall strongly urges administrators to update devices.

Indicators of Compromise

None listed.

Threat Landscape

SonicWall PSIRT says there is no evidence of in-the-wild exploitation. Attacks against VPN and remote access appliances are useful for various types of threat actor as a compromise can grant access to the whole network, as well as providing credentials for further lateral movement.

Mitre Methodologies

T1190 – Exploit Public-Facing Application

Further Information

Security Notice: SMA 1000 Series Unauthenticated Access Control Bypass

SonicWall SSLVPN SMA 1000 Series Affected By Multiple Vulnerabilities