⚠ Actively exploited in ransomware campaigns

This vulnerability is on the CISA Known Exploited Vulnerabilities list and has been used in known ransomware attacks. CISA required action: Apply updates per vendor instructions.. Due date: 2022-05-03.

CVE-2019-7481 — SQL Injection in SMA 100 Firmware

CWE-89 — SQL Injection8 documents8 sources

Severity

7.5HIGHNVD

EPSS

94.3%

top 0.04%

CISA KEV

KEVRansomware

Added 2021-11-03

Due 2022-05-03

Exploit

Exploited in wild

Active exploitation observed

Affected products

Sonicwall SMA 100 Firmware Sonicwall Sma100

Timeline

PublishedDec 17

KEV addedNov 3

KEV dueMay 3

Latest updateMay 24

CISA Required Action: Apply updates per vendor instructions.

Description

Vulnerability in SonicWall SMA100 allow unauthenticated user to gain read-only access to unauthorized resources. This vulnerablity impacted SMA100 version 9.0.0.3 and earlier.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 3.9 | Impact: 3.6

Affected Packages2 packages

▶NVDsonicwall/sma_100_firmware< 9.0.0.4

▶CVEListV5sonicwall/sma1009.0.0.3 and earlier

🔴Vulnerability Details

GHSA

GHSA-229v-p5vr-f583: Vulnerability in SonicWall SMA100 allow unauthenticated user to gain read-only access to unauthorized resources↗2022-05-24

▶

CVEList

CVE-2019-7481: Vulnerability in SonicWall SMA100 allow unauthenticated user to gain read-only access to unauthorized resources↗2019-12-17

▶

OSV

ansible vulnerabilities↗2019-07-24

▶

VulnCheck

SonicWall SMA100 SQL Injection Vulnerability↗2019

▶

💥Exploits & PoCs

Nuclei

SonicWall SRA 4600 VPN - SQL Injection

▶

🔍Detection Rules

Suricata

ET EXPLOIT [ConnectWise CRU] Potential Sonicwall SRA SQLi (CVE-2019-7481)↗2021-07-16

▶

📋Vendor Advisories

CISA

SonicWall SMA100 SQL Injection Vulnerability↗2021-11-03

▶