Get in Touch
SonicWall Product Security & Incident Response Team (PSIRT) has released fixes for some issues with their Secure Mobile Access (SMA) 1000 series appliances. Of these, the one with the highest severity (CVSS 8.2) is an authentication bypass vulnerability (CVE-2022-22282). When chained together, the exploits would allow a remote attacker to connect to the device and recover encrypted data.
An unauthenticated attacker could bypass access controls. A hard-coded encryption key would allow a user with access to the device to decrypt sensitive data. An open redirect would make it easier to create malicious links and bypass some anti-phishing mechanisms.
SMA 1000 Series (6200, 6210, 7200, 7210, 8200v)
Containment, Mitigations & Remediations
SonicWall strongly urges administrators to update devices.
Indicators of Compromise
SonicWall PSIRT says there is no evidence of in-the-wild exploitation. Attacks against VPN and remote access appliances are useful for various types of threat actor as a compromise can grant access to the whole network, as well as providing credentials for further lateral movement.
T1190 – Exploit Public-Facing Application