CVE-2025-23006

CVSS v3.1 Base Score: 9.8 (Critical)

Warning

A pre-authentication deserialization of untrusted data vulnerability has been identified in the SMA1000 Appliance Management Console (AMC) and Central Management Console (CMC), which under specific conditions could enable a remote unauthenticated attacker to execute arbitrary OS commands.

Data provided by the National Vulnerability Database (NVD)
Affected products (NVD configurations). Each hardware entry carries no version of its own ("Version -"); the version range applies to the firmware running on it. "Before" means the boundary build is the fixed version; "up to and including" means the boundary build itself is still affected.

SonicWall SMA 8200v (virtual appliance): versions before 12.4.3-02854
SonicWall SMA 6200 firmware: versions before 12.4.3-02854 (on SMA 6200 hardware, all revisions)
SonicWall SMA 6210 firmware: versions before 12.4.3-02854 (on SMA 6210 hardware, all revisions)
SonicWall SMA 7200 firmware: versions before 12.4.3-02854 (on SMA 7200 hardware, all revisions)
SonicWall SMA 7210 firmware: versions before 12.4.3-02854 (on SMA 7210 hardware, all revisions)
SonicWall SRA EX6000 firmware: versions up to and including 12.4.3-02804 (on SRA EX6000 hardware, all revisions)
SonicWall SRA EX7000 firmware: versions up to and including 12.4.3-02804 (on SRA EX7000 hardware, all revisions)
SonicWall SRA EX9000 firmware: versions up to and including 12.4.3-02804 (on SRA EX9000 hardware, all revisions)
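The affected ranges above are easy to misread when the build number is compared as a string (the "02854" suffix sorts differently from its numeric value). The following is an added example, not code from NVD, CISA or SonicWall, that encodes the ranges exactly as listed on this page and checks a fleet inventory against them. The inventory record shape ("host", "product", "version") is a constructed assumption, not an SMA export format.

```python
"""Added example (not from this page, NVD or SonicWall): check whether a
reported SMA1000 / SRA EX firmware version falls inside the affected ranges
listed for CVE-2025-23006."""
import re

# Affected ranges exactly as listed in the NVD configurations on this page.
# Operator "<" means the boundary build is the fixed version; "<=" means the
# boundary build itself is still affected.
AFFECTED_RANGES = {
    "SMA 8200v": ("<", "12.4.3-02854"),
    "SMA 6200": ("<", "12.4.3-02854"),
    "SMA 6210": ("<", "12.4.3-02854"),
    "SMA 7200": ("<", "12.4.3-02854"),
    "SMA 7210": ("<", "12.4.3-02854"),
    "SRA EX6000": ("<=", "12.4.3-02804"),
    "SRA EX7000": ("<=", "12.4.3-02804"),
    "SRA EX9000": ("<=", "12.4.3-02804"),
}

# SMA1000 versions look like 12.4.3-02854: major.minor.patch-build.  They are
# compared as integer tuples; a plain string comparison would misorder builds
# and a minor version such as 10 against 9.
_VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)-(\d+)$")


def parse_version(version: str) -> tuple[int, int, int, int]:
    m = _VERSION_RE.match(version.strip())
    if m is None:
        raise ValueError(f"unrecognised SMA1000 version string: {version!r}")
    major, minor, patch, build = (int(x) for x in m.groups())
    return (major, minor, patch, build)


def is_affected(product: str, version: str) -> bool:
    """True if the running version is inside the NVD-listed affected range."""
    if product not in AFFECTED_RANGES:
        raise KeyError(f"{product!r} is not a product listed for CVE-2025-23006")
    op, boundary = AFFECTED_RANGES[product]
    running, limit = parse_version(version), parse_version(boundary)
    return running < limit if op == "<" else running <= limit


def triage(inventory: list[dict]) -> list[dict]:
    """Return the records that still need the fix, oldest build first.
    Each record is a dict with "host", "product" and "version" keys
    (a constructed inventory shape, not an SMA export format)."""
    hits = [r for r in inventory if is_affected(r["product"], r["version"])]
    return sorted(hits, key=lambda r: parse_version(r["version"]))


if __name__ == "__main__":
    # Constructed sample inventory, not real hosts.
    sample = [
        {"host": "sma-dc1", "product": "SMA 7210", "version": "12.4.3-02854"},
        {"host": "sma-dc2", "product": "SMA 7210", "version": "12.4.3-02804"},
        {"host": "sma-lab", "product": "SMA 6200", "version": "12.4.2-01234"},
        {"host": "sra-old", "product": "SRA EX7000", "version": "12.4.3-02804"},
    ]
    for r in triage(sample):
        print(f"{r['host']}: {r['product']} {r['version']} is affected")
```

Note the asymmetry the page's own data carries: an SMA 7210 on 12.4.3-02854 is outside the range, while an SRA EX7000 on 12.4.3-02804 is still inside it, because the SRA EX entries are listed with an inclusive bound. Since the flaw is reachable pre-authentication over the network (AV:N/PR:N in the vector below), every hit in the triage output should be treated as exposed until it is upgraded or its AMC/CMC interface is removed from untrusted networks.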

24.01.2025: Added to the CISA Known Exploited Vulnerabilities (KEV) Catalog

Vulnerability

SonicWall SMA1000 Appliances Deserialization Vulnerability

Description

SonicWall SMA1000 Appliance Management Console (AMC) and Central Management Console (CMC) contain a deserialization of untrusted data vulnerability, which can enable a remote, unauthenticated attacker to execute arbitrary OS commands.

Required Action

Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
EPSS metrics

Type  Source     Score   Percentile
EPSS  FIRST.org  58.19%  0.981 (scored higher than 98.1% of all CVEs)

CVSS metrics

Source                                           Base Score  Exploitability Score  Impact Score  Vector String
nvd@nist.gov                                     9.8         3.9                   5.9           CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
134c704f-9b21-4f2e-91b3-4a467353bcc0 (CISA-ADP)  9.8         3.9                   5.9           CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

The vector reads: network-reachable (AV:N), low attack complexity (AC:L), no privileges (PR:N) and no user interaction (UI:N) required, scope unchanged (S:U), with high impact on confidentiality, integrity and availability (C:H/I:H/A:H), which matches the pre-authentication command execution described above.
CWE-502 Deserialization of Untrusted Data

The product deserializes untrusted data without sufficiently ensuring that the resulting data will be valid.
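The CWE-502 definition is abstract, so the following is an added illustrative example in Python, not SonicWall's AMC/CMC code (the page does not disclose which serialization format the appliance uses). The "session blob" endpoint, the pickle format and the JSON schema are assumptions chosen to show the mechanism: a deserialization sink reachable without authentication lets the sender pick which callable runs during object reconstruction, which is why the CVSS vector above scores it as unauthenticated remote command execution. A hardened, data-only loader is shown beside it.

```python
"""Added CWE-502 illustration (hypothetical endpoint, not SonicWall code).
Vulnerable: pickle-based loader.  Hardened: JSON plus a strict schema."""
import base64
import json
import pickle

# Stand-in for the OS command execution an attacker would really obtain.
# Every command "run" is recorded here instead of being executed.
EXECUTED: list[str] = []


def run_command(cmd: str) -> str:
    EXECUTED.append(cmd)
    return cmd


class MaliciousPayload:
    """Object whose __reduce__ makes the unpickler call run_command() while
    reconstructing it.  The sender controls both the callable and its args."""

    def __reduce__(self):
        return (run_command, ("id > /tmp/pwned",))


def attacker_blob() -> str:
    """Constructed attacker input: a base64-encoded pickle, as an
    unauthenticated client could send it to the hypothetical endpoint."""
    return base64.b64encode(pickle.dumps(MaliciousPayload())).decode("ascii")


def load_session_unsafe(blob: str):
    # VULNERABLE: pickle.loads rebuilds whatever object graph the bytes
    # describe, including arbitrary callables, before any authentication
    # or validation has taken place.
    return pickle.loads(base64.b64decode(blob))


# HARDENED alternative: a data-only format plus an explicit schema.  Nothing
# in the input can name code; unknown keys and wrong types are rejected.
ALLOWED_FIELDS = {"user": str, "expires": int}


def encode_session(user: str, expires: int) -> str:
    """Legitimate producer side for the hardened format."""
    doc = json.dumps({"user": user, "expires": expires}).encode("utf-8")
    return base64.b64encode(doc).decode("ascii")


def load_session_safe(blob: str) -> dict:
    try:
        raw = base64.b64decode(blob, validate=True)
        doc = json.loads(raw.decode("utf-8"))
    except ValueError as exc:
        # binascii.Error (bad base64), UnicodeDecodeError and
        # json.JSONDecodeError are all ValueError subclasses.
        raise ValueError("rejected: input is not a JSON session document") from exc
    if not isinstance(doc, dict) or set(doc) != set(ALLOWED_FIELDS):
        raise ValueError("rejected: unexpected or missing fields")
    for name, expected in ALLOWED_FIELDS.items():
        # type() rather than isinstance(): bool must not pass as int.
        if type(doc[name]) is not expected:
            raise ValueError(f"rejected: field {name!r} must be {expected.__name__}")
    return doc


if __name__ == "__main__":
    payload = attacker_blob()
    load_session_unsafe(payload)
    print("unsafe loader executed:", EXECUTED)
    try:
        load_session_safe(payload)
    except ValueError as err:
        print("safe loader:", err)
    print("safe loader accepts:", load_session_safe(encode_session("alice", 1700000000)))
```

The point of the pairing is that no input filtering saves the first loader: the pickle stream is well-formed and the object it builds is "valid" by the format's own rules, exactly the gap CWE-502 describes. The fix is to stop reconstructing objects from untrusted bytes at all, or, where a native serialization format cannot be dropped, to place it behind authentication and restrict the set of types the decoder may instantiate.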