RCE in Sonicwall Sma100

CVE-2022-1703

Improper neutralization of special elements in the SonicWall SSL-VPN SMA100 series management interface allows a remote authenticated attacker to inject OS Commands which potentially leads to remote command execution vulnerability or denia…

Vulnerability class: Command Injection (OS Command Injection)

EPSS: 0.041 (88.8th percentile) — read the EPSS interpretation.

Affected products

Sonicwall Sma100 — versions 10.2.1.4-31sv and earlier, 10.2.0.9-41sv and earlier

Weakness classification (CWE)

CWE-78 — OS Command Injection

References

psirt.global.sonicwall.com/vuln-detail/SNWLID-2022-0010 (x_refsource_CONFIRM)