=====================================================================

                                 CERT-Renater

                     Note d'Information No. 2022/VULN293

_____________________________________________________________________

DATE                : 26/08/2022

HARDWARE PLATFORM(S): /

OPERATING SYSTEM(S): SMA100 firmware versions prior to 10.2.1.6-37sv.

=====================================================================
https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2022-0019
https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2022-0020
_____________________________________________________________________


SonicWall SMA100 Post-Auth Heap-based Buffer Overflow Vulnerability

7.2


Overview

Advisory ID 	        SNWLID-2022-0019
First Published 	2022-08-24
Last Updated 	        2022-08-24
Workaround              false
Status                  Applicable
CVE                     CVE-2022-2915
CWE                     CWE-122
CVSS v3                 7.2
CVSS Vector 	CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Direct Link 	


Summary

A Heap-based Buffer Overflow vulnerability in the SonicWall SMA100
appliance allows a remote authenticated attacker to cause Denial of
Service (DoS) on the appliance or potentially lead to code execution.
This vulnerability impacts 10.2.1.5-34sv and earlier versions.

IMPORTANT: SMA 1000 series products are not affected by this
vulnerability.


Affected Product(s)
SMA100 firmware 10.2.1.5-34sv and earlier versions.
CPE(s)


Workaround
None

Fixed Software
SMA100 firmware 10.2.1.6-37sv and higher versions.


Comments


Credit(s)
Exodus Intelligence


Revision History

      Version

      1.0

      Date

      24-Aug-2022

      Description

      Initial Release.


Reference(s)

_____________________________________________________________________


SMA100 Exposure of Sensitive Information to an Unauthorized Actor

5.3


Overview

Advisory ID             SNWLID-2022-0020
First Published         2022-08-24
Last Updated            2022-08-24
Workaround              false
Status                  Applicable
CVE                     N/A
CWE                     CWE-200
CVSSv3                  5.3
CVSS Vector 	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Direct Link 	


Summary

A vulnerability in the SonicWall SMA100 appliance could potentially
expose sensitive information i.e., third-party packages and library
versions used in the appliance firmware to a pre-authenticated actor.


IMPORTANT: SMA 1000 series products are not affected by this
vulnerability.


Affected Product(s)
SMA100 firmware 10.2.1.5-34sv and earlier versions.


CPE(s)


Workaround
None


Fixed Software
SMA100 firmware 10.2.1.6-37sv and higher versions.


Comments


Credit(s)
Florian Grundmann


Revision History

      Version

      1.0

      Date

      24-Aug-2022

      Description

      Initial Release.


Reference(s)

=========================================================
+ CERT-RENATER        |    tel : 01-53-94-20-44         +
+ 23/25 Rue Daviel    |    fax : 01-53-94-20-41         +
+ 75013 Paris         |   email:cert@support.renater.fr +
=========================================================