Security Notice: SMA 1000 Series Unauthenticated Access Control Bypass

The SonicWall Product Security & Incident Response Team (PSIRT) has verified and patched the following vulnerabilities that impact Secure Mobile Access (SMA) 1000 series products (see product list and impacted firmware versions below).

1. Unauthenticated access control bypass
2. Use of hard-coded/shared cryptographic key
3. URL redirection to an untrusted site (open redirection)

Important: There is no evidence that these vulnerabilities are being exploited in the wild.

Details for each patch can be found in PSIRT Advisory SNWLID-2022-0009.

Overview

• Impacted Product(s): SMA 1000 Series (6200, 6210, 7200, 7210, 8200v) 
• Impacted Version(s): 12.4.0 and 12.4.1 including hot fixes
• Fixed Version(s): 12.4.1-02994
• Notes: Does not impact the following products
  
  • SMA 1000 series running versions earlier than 12.4.0
  • SMA 100 series
  • CMS
  • Remote access clients

SonicWall strongly urges that organizations using the SMA 1000 series products upgrade to the latest patch and follow the guidance below.

Impact

1. Unauthenticated access control bypass
   Successful exploitation could lead to an attacker gaining access to an internal resource by crafting connections from an unauthenticated position.
   
2. Use of hard-coded cryptographic key
   Successful exploitation could lead to an attacker gaining access to encrypted credentials.
   
3. URL redirection to an untrusted site (open redirection)
   Successful exploitation could lead an attacker redirecting users to an untrusted site.
   

Temporary Mitigations

There are no temporary mitigations. SonicWall urges impacted customers to implement applicable patches as soon as possible. 

Resolution

Impacted Platforms: SMA 1000 Series
SMA 6200, 6210, 7200, 7210, 8000v (ESX, KVM, Hyper-V, AWS, Azure)

Additional Resources

• PSIRT ADVISORY ID: SNWLID-2022-0009
  
• CVE IDs: CVE-2022-22282
  
• KB Article: How can I upgrade firmware in SMA 1000 series appliance?