Several models of SonicWall’s SMA 1000 series appliances contain three serious vulnerabilities, including an authentication bypass and a hard-coded encryption key. The company has released an updated firmware image and is urging customers to update immediately.
The flaws affect models 6200, 6210, 7200, 7210, and 8200v of the SMA1000 SSLVPN appliances running firmware versions 12.4.0 and 12.4.1. The fixed firmware version is 12.4..1-02994.
All of the vulnerabilities are serious, but the most concerning one is CVE-2022-2282, the unauthenticated access control bypass. The affected appliances fail to check authorization for when a user tries to access a resource. An attacker who exploits this vulnerability would be able to gain access to an internal resource from an unauthenticated position.
The affected models also use a shared and hard-coded encryption key, meaning that an attacker who can discover the key could get access to any credentials encrypted with it on any affected appliance. The third vulnerability is an open redirect, which could enable an attacker to direct users to any URL.
There are no mitigations or workarounds for any of the vulnerabilities. SonicWall said in its advisory that there is no evidence that any of the flaws has been exploited in the wild yet.
“SonicWall urges impacted customers to implement applicable patches as soon as possible,” the advisory says.
The flaws do not affect the SMA 100 series appliances, remote access clients, or the SonicWall Central Management Server.