Known Exploited Vulnerabilities CVE-2023-44221

SonicWall SMA100 appliances contain an OS command injection vulnerability in the SSL-VPN management interface that allows a remote, authenticated attacker with administrative privilege to inject arbitrary commands as a 'nobody' user.

Mappings

| Capability ID | Capability Description | Mapping Type | ATT&CK ID | ATT&CK Name | Notes |
|---|---|---|---|---|---|
| CVE-2023-44221 | SonicWall SMA100 Appliances OS Command Injection Vulnerability | exploitation_technique | T1068 | Exploitation for Privilege Escalation | |
| CVE-2023-44221 | SonicWall SMA100 Appliances OS Command Injection Vulnerability | exploitation_technique | T1548 | Abuse Elevation Control Mechanism | |
| CVE-2023-44221 | SonicWall SMA100 Appliances OS Command Injection Vulnerability | primary_impact | T1059.004 | Unix Shell | |
| CVE-2023-44221 | SonicWall SMA100 Appliances OS Command Injection Vulnerability | secondary_impact | T1543 | Create or Modify System Process | |

Comments (the same for each of the four mappings)
This post-authentication command injection vulnerability is chained with CVE-2024-38475 to allow command execution as the nobody user, affecting versions below 10.2.1.10-62sv.