Vulnerability Description
Improper neutralization of special elements in the SMA100 SSL-VPN management interface allows a remote authenticated attacker with administrative privilege to inject arbitrary commands as a 'nobody' user, potentially leading to OS Command Injection Vulnerability.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Sonicwall | Sma 200 Firmware | <= 10.2.1.9-57sv |
| Sonicwall | Sma 200 | - |
| Sonicwall | Sma 210 Firmware | <= 10.2.1.9-57sv |
| Sonicwall | Sma 210 | - |
| Sonicwall | Sma 400 Firmware | <= 10.2.1.9-57sv |
| Sonicwall | Sma 400 | - |
| Sonicwall | Sma 410 Firmware | <= 10.2.1.9-57sv |
| Sonicwall | Sma 410 | - |
| Sonicwall | Sma 500V Firmware | <= 10.2.1.9-57sv |
| Sonicwall | Sma 500V | - |
Related Weaknesses (CWE)
References
- https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2023-0018Vendor Advisory
- https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2023-0018Vendor Advisory
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-US Government Resource
FAQ
What is CVE-2023-44221?
CVE-2023-44221 is a vulnerability with a CVSS score of 7.2 (HIGH). Improper neutralization of special elements in the SMA100 SSL-VPN management interface allows a remote authenticated attacker with administrative privilege to inject arbitrary commands as a 'nobody' u...
How severe is CVE-2023-44221?
CVE-2023-44221 has been rated HIGH with a CVSS base score of 7.2/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2023-44221?
Check the references section above for vendor advisories and patch information. Affected products include: Sonicwall Sma 200 Firmware, Sonicwall Sma 200, Sonicwall Sma 210 Firmware, Sonicwall Sma 210, Sonicwall Sma 400 Firmware.