⚠ Actively exploited

Added to CISA KEV on 2022-03-28. Federal agencies required to patch by 2022-04-18. Required action: Apply updates per vendor instructions..

CVE-2019-7483 — Path Traversal in SMA 100 Firmware

CWE-22 — Path Traversal5 documents5 sources

Severity

7.5HIGHNVD

EPSS

42.4%

top 2.54%

CISA KEV

KEV

Added 2022-03-28

Due 2022-04-18

Exploit

Exploited in wild

Active exploitation observed

Affected products

Sonicwall SMA 100 Firmware Sonicwall Sma100

Timeline

PublishedDec 19

KEV addedMar 28

KEV dueApr 18

Latest updateMay 24

CISA Required Action: Apply updates per vendor instructions.

Description

In SonicWall SMA100, an unauthenticated Directory Traversal vulnerability in the handleWAFRedirect CGI allows the user to test for the presence of a file on the server.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 3.9 | Impact: 3.6

Affected Packages2 packages

▶NVDsonicwall/sma_100_firmware< 9.0.0.4

▶CVEListV5sonicwall/sma1009.0.0.3 and earlier

🔴Vulnerability Details

GHSA

GHSA-xxfj-h999-8mjj: In SonicWall SMA100, an unauthenticated Directory Traversal vulnerability in the handleWAFRedirect CGI allows the user to test for the presence of a f↗2022-05-24

▶

CVEList

CVE-2019-7483: In SonicWall SMA100, an unauthenticated Directory Traversal vulnerability in the handleWAFRedirect CGI allows the user to test for the presence of a f↗2019-12-19

▶

VulnCheck

SonicWall SMA100 Directory Traversal Vulnerability↗2019

▶

📋Vendor Advisories

CISA

SonicWall SMA100 Directory Traversal Vulnerability↗2022-03-28

▶