SonicWall issued a security notice urging customers to immediately patch several vulnerabilities, considered high-risk, that affect its Secure Mobile Access (SMA) 1000 Series line of products.
These vulnerabilities can allow attackers to bypass authorization and, potentially, compromise unpatched appliances. The flaw tracked as CVE-2022-22282 is an unauthenticated access control bypass that affects SMA1000 series firmware 12.4.0, 12.4.1-02965, and earlier versions. The flaw was rated high severity.
“SonicWall SMA1000 series firmware 12.4.0, 12.4.1-02965 and earlier versions incorrectly restrict access to a resource using HTTP connections from an unauthorized actor leading to Improper Access Control vulnerability”, reads the description of this issue.
SonicWall also addressed the issue tracked as CVE-2022-1701, a hard-coded cryptographic key flaw rated as medium severity.
The third issue, tracked as CVE-2022-1702, is an open redirection vulnerability rated as medium…