SonicWall urges customers to address several high-risk security vulnerabilities affecting its Secure Mobile Access (SMA) 1000 Series line of products. An attacker can exploit the vulnerabilities to bypass authorization and, potentially, compromise vulnerable devices.
The first issue, tracked as CVE-2022-22282, is an unauthenticated access control bypass flaw that affects SMA1000 series firmware 12.4.0, 12.4.1-02965 and earlier versions. The flaw was rated high severity.
“SonicWall SMA1000 series firmware 12.4.0, 12.4.1-02965 and earlier versions incorrectly restricts access to a resource using HTTP connections from an unauthorized actor leading to Improper Access Control vulnerability.” reads the description for this issue.
The vendor also addressed a hard-coded cryptographic key and an open redirect issue; both flaws are rated medium severity.
The SonicWall Product Security & Incident Response Team (PSIRT) said that it is not aware of attacks in the wild exploiting any of the above flaws. The company pointed out that there are no temporary mitigations.
“There are no temporary mitigations. SonicWall urges impacted customers to implement applicable patches as soon as possible.” continues the report.
The flaws do not impact SMA 1000 series appliances running versions earlier than 12.4.0.
Below is the list of impacted platforms:
SonicWall strongly urges that organizations using the SMA 1000 series
(SecurityAffairs – hacking, SMA)