This attack allows attackers to take control of the device and conduct man-in-the-middle attacks. It can be exploited by malicious users to conduct a redirection attack to a target website of their choice.
SonicWall SMA1000 series firmware 12.4.0, 12.4.1-02965 and earlier versions have a redirection vulnerability. An attacker can exploit this vulnerability by visiting a website and clicking on a malicious link.
SonicWall SMA1000 series firmware 12.4.0, 12.4.1-02965 and earlier versions allow remote attackers to inject arbitrary HTML code via a user-controlled input that specifies a link to an external site.
SonicWall SMA1000 series firmware 12.4.0, 12.4.1-02965 and earlier versions accept a user-controlled input that specifies a link to an external site and uses that link in a redirect which leads to Open redirection vulnerability.
SonicWall SMA1000 series firmware 12.4.0, 12.4.1-02965 and earlier versions allow remote attackers to inject arbitrary HTML code via a user-controlled input that specifies a link to an external site.
SonicWall SMA1000 series firmware 12.4.0, 12.4.1-02965 and earlier versions accept a user-controlled input that specifies a link to an external site and uses that link in a redirect which leads to Open
Vulnerable Packages
12.4.0 and earlier versions on SonicWall SMA1000 series appliances
CVE-2017-2636 SonicWall Firewall IPS/APP 12.2.2, 12.3.1-02514, 12.3.1-03075, 12.3.1-03386 and earlier versions
Vulnerable / tested firmware versions
The following firmware versions are vulnerable:
- SonicWall SMA1000 series firmware 12.4.0, 12.4.1-02965 and earlier versions have a redirection vulnerability.
- SonicWall SMA1000 series firmware 12.4.0, 12.4.1-02965 and earlier versions allow remote attackers to inject arbitrary HTML code via a user-controlled input that specifies a link to an external site.
- SonicWall SMA1000 series firmware 12.4.0, 12.4.1-02965 and earlier versions accept a user-controlled input that specifies a link to an external site and uses that link in a redirect which leads to Open redirection vulnerability
Timeline
Published on: 05/13/2022 20:15:00 UTC
Last modified on: 05/25/2022 13:35:00 UTC