SonicWall SMA100 appliances contain an OS command injection vulnerability in the SSL-VPN management interface that allows a remote, authenticated attacker with administrative privilege to inject arbitrary commands as a 'nobody' user.

| Capability ID | Capability Description | Mapping Type | ATT&CK ID | ATT&CK Name | Notes |
|---|---|---|---|---|---|
| CVE-2023-44221 | SonicWall SMA100 Appliances OS Command Injection Vulnerability | exploitation_technique | T1068 | Exploitation for Privilege Escalation | This post-authentication command injection vulnerability is chained with CVE-2024-38475 to allow command execution as the nobody user, affecting versions below 10.2.1.10-62sv. |
| CVE-2023-44221 | SonicWall SMA100 Appliances OS Command Injection Vulnerability | exploitation_technique | T1548 | Abuse Elevation Control Mechanism | This post-authentication command injection vulnerability is chained with CVE-2024-38475 to allow command execution as the nobody user, affecting versions below 10.2.1.10-62sv. |
| CVE-2023-44221 | SonicWall SMA100 Appliances OS Command Injection Vulnerability | primary_impact | T1059.004 | Unix Shell | This post-authentication command injection vulnerability is chained with CVE-2024-38475 to allow command execution as the nobody user, affecting versions below 10.2.1.10-62sv. |
| CVE-2023-44221 | SonicWall SMA100 Appliances OS Command Injection Vulnerability | secondary_impact | T1543 | Create or Modify System Process | This post-authentication command injection vulnerability is chained with CVE-2024-38475 to allow command execution as the nobody user, affecting versions below 10.2.1.10-62sv. |