High
CVE-2023-0126
CVE ID
AttackerKB requires a CVE ID in order to pull vulnerability data and references from the CVE list and the National Vulnerability Database. If available, please supply below:
Add References:
CVE-2023-0126
MITRE ATT&CK
Collection
Command and Control
Credential Access
Defense Evasion
Discovery
Execution
Exfiltration
Impact
Initial Access
Lateral Movement
Persistence
Privilege Escalation
Topic Tags
Description
Pre-authentication path traversal vulnerability in SMA1000 firmware version 12.4.2, which allows an unauthenticated attacker to access arbitrary files and directories stored outside the web root directory.
Add Assessment
Ratings
-
Attacker ValueHigh
-
ExploitabilityVery High
Technical Analysis
SonicWall Secure Mobile Access (SMA) 1000 series contains a pre-authentication path traversal vulnerability. This flaw could potentially allow an unauthenticated attacker to access files and directories stored outside the web root directory.
This vulnerability could enable an attacker to traverse the file system and gain unauthorized access to sensitive files and directories. Note: this vulnerability solely affects SMA 1000 firmware version 12.4.2.
PoC: cat file.txt| while read host do;do curl -sk “http://\(host:8443/images//////////////////../../../../../../../../etc/passwd" | grep -i 'root:' && echo \)host “Vulnerable”;done
Would you also like to delete your Exploited in the Wild Report?
Delete Assessment Only Delete Assessment and Exploited in the Wild ReportCVSS V3 Severity and Metrics
General Information
Vendors
- sonicwall
Products
- sma1000 firmware 12.4.2
References
Additional Info
Technical Analysis
Report as Exploited in the Wild
CVE ID
AttackerKB requires a CVE ID in order to pull vulnerability data and references from the CVE list and the National Vulnerability Database. If available, please supply below:
