CySecurity News – Latest Information Security and Hacking Incidents
SonicWall is urging customers to fix multiple high-risk security vulnerabilities in its Secure Mobile Access (SMA) 1000 Series line of products, which might allow attackers to evade authorization and compromise unpatched devices.
Enterprises utilise SonicWall SMA 1000 SSLVPN solutions to ease end-to-end secure remote access to business resources in on-premises, cloud, and hybrid data centre environments. The first bug (a high-severity unauthenticated access control bypass) has been assigned CVE-2022-22282, however, the other two (a hard-coded cryptographic key and an open redirect, both of medium severity) are currently awaiting a CVE ID.
“SonicWall strongly urges that organizations using the SMA 1000 series products upgrade to the latest patch,” the company says in a security advisory published this week.
SonicWall, on the other hand, stated that no evidence of these vulnerabilities being exploited in the field was discovered. The vulnerabilities do not affect SMA 1000 series devices running versions prior to 12.4.0, SMA 100 series products, CMS, or remote access clients, according to the company. The following SMA 1000 Series models are affected by security flaws: 6200, 6210, 7200, 7210, and 8000v (ESX, KVM, Hyper-V, AWS, Azure).
The most serious of the three flaws is CVE-2022-22282, which allows unauth
[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.
[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.
Read the original article: