SonicWall has published an advisory warning of a trio of security flaws in its Secure Mobile Access (SMA) 1000 appliances, including a high-severity authentication bypass vulnerability.
The weaknesses in question impact SMA 6200, 6210, 7200, 7210, and 8000v appliances running firmware versions 12.4.0 and 12.4.1. The vulnerabilities are listed below:
- CVE-2022-22282 (CVSS score: 8.2) – Unauthenticated Access Control Bypass
- CVE-2022-1702 (CVSS score: 6.1) – URL redirection to an untrusted site (open redirection)
- CVE-2022-1701 (CVSS score: 5.7) – Use of a shared and hard-coded cryptographic key
Successful exploitation of the aforementioned bugs could allow an attacker to gain unauthorized access to internal resources and even redirect potential victims to malicious websites.