Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
NVD Vulnerability Details :
CVE-2023-44221
Analyzed
More InfoOfficial Page
Source-PSIRT@sonicwall.com
View Known Exploited Vulnerability (KEV) details
Published At-05 Dec, 2023 | 21:15
Updated At-31 Oct, 2025 | 15:56

Improper neutralization of special elements in the SMA100 SSL-VPN management interface allows a remote authenticated attacker with administrative privilege to inject arbitrary commands as a 'nobody' user, potentially leading to OS Command Injection Vulnerability.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
2025-05-012025-05-22SonicWall SMA100 Appliances OS Command Injection VulnerabilityApply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Date Added: 2025-05-01
Due Date: 2025-05-22
Vulnerability Name: SonicWall SMA100 Appliances OS Command Injection Vulnerability
Required Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Metrics
TypeVersionBase scoreBase severityVector
Primary3.17.2HIGH
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Secondary3.17.2HIGH
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Type: Primary
Version: 3.1
Base score: 7.2
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Type: Secondary
Version: 3.1
Base score: 7.2
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
CPE Matches
SonicWall Inc.
sonicwall
>>sma_200_firmware>>Versions up to 10.2.1.9-57sv(inclusive)
cpe:2.3:o:sonicwall:sma_200_firmware:*:*:*:*:*:*:*:*
SonicWall Inc.
sonicwall
>>sma_200>>-
cpe:2.3:h:sonicwall:sma_200:-:*:*:*:*:*:*:*
SonicWall Inc.
sonicwall
>>sma_210_firmware>>Versions up to 10.2.1.9-57sv(inclusive)
cpe:2.3:o:sonicwall:sma_210_firmware:*:*:*:*:*:*:*:*
SonicWall Inc.
sonicwall
>>sma_210>>-
cpe:2.3:h:sonicwall:sma_210:-:*:*:*:*:*:*:*
SonicWall Inc.
sonicwall
>>sma_400_firmware>>Versions up to 10.2.1.9-57sv(inclusive)
cpe:2.3:o:sonicwall:sma_400_firmware:*:*:*:*:*:*:*:*
SonicWall Inc.
sonicwall
>>sma_400>>-
cpe:2.3:h:sonicwall:sma_400:-:*:*:*:*:*:*:*
SonicWall Inc.
sonicwall
>>sma_410_firmware>>Versions up to 10.2.1.9-57sv(inclusive)
cpe:2.3:o:sonicwall:sma_410_firmware:*:*:*:*:*:*:*:*
SonicWall Inc.
sonicwall
>>sma_410>>-
cpe:2.3:h:sonicwall:sma_410:-:*:*:*:*:*:*:*
SonicWall Inc.
sonicwall
>>sma_500v_firmware>>Versions up to 10.2.1.9-57sv(inclusive)
cpe:2.3:o:sonicwall:sma_500v_firmware:*:*:*:*:*:*:*:*
SonicWall Inc.
sonicwall
>>sma_500v>>-
cpe:2.3:h:sonicwall:sma_500v:-:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-78SecondaryPSIRT@sonicwall.com
CWE-78Primarynvd@nist.gov
CWE ID: CWE-78
Type: Secondary
Source: PSIRT@sonicwall.com
CWE ID: CWE-78
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2023-0018PSIRT@sonicwall.com
Vendor Advisory
https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2023-0018af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-44221134c704f-9b21-4f2e-91b3-4a467353bcc0
US Government Resource
Hyperlink: https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2023-0018
Source: PSIRT@sonicwall.com
Resource:
Vendor Advisory
Hyperlink: https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2023-0018
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Vendor Advisory
Hyperlink: https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-44221
Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0
Resource:
US Government Resource
Change History
0Changes found
Details not found