Improper neutralization of special elements used in an SQL command (“SQL Injection”) in SonicWall SMA1000 series appliances allows a remote authenticated attacker with read-only administrator privileges to escalate privileges to primary administrator.
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:HSonicwall Sma6200
HWSonicwallwszystkie wersjeSonicwall Sma6200 Firmware
OSSonicwall< 12.4.3-0338712.5.0 – 12.5.0-02624 (bez)Sonicwall Sma6210
HWSonicwallwszystkie wersjeSonicwall Sma6210 Firmware
OSSonicwall< 12.4.3-0338712.5.0 – 12.5.0-02624 (bez)Sonicwall Sma7200
HWSonicwallwszystkie wersjeSonicwall Sma7200 Firmware
OSSonicwall12.5.0 – 12.5.0-02624 (bez)< 12.4.3-03387Sonicwall Sma7210
HWSonicwallwszystkie wersjeSonicwall Sma7210 Firmware
OSSonicwall< 12.4.3-0338712.5.0 – 12.5.0-02624 (bez)Sonicwall Sma8200v
APPSonicwall< 12.4.3-0338712.5.0 – 12.5.0-02624 (bez)
Related vulnerabilities
SonicWall SMA1000 — pre-auth deserialization umożliwiający RCE
An observable response discrepancy vulnerability in the SonicWall SMA1000 series appliances allows a remote at...
Improper handling of Unicode encoding in SonicWall SMA1000 series appliances allows a remote authenticated SSL...
A local privilege escalation vulnerability due to insufficient authorization in the SonicWall SMA1000 applianc...
Improper handling of Unicode encoding in SonicWall SMA1000 series appliances allows a remote authenticated SSL...