Three security vulnerabilities impacting SonicWall
's Secure Mobile Access 1,000 appliances, one of which is a high-severity authentication bypass flaw, have been detailed as part of a warning from SonicWall, reports The Hacker News
Threat actors could exploit vulnerabilities impacting SonicWall SMA6200, 6210, 7200, 7210, 8000v devices operating on firmware versions 12.4.0. and 12.4.1 including an unauthenticated access control bypass flaw, tracked as CVE-2022-22282; an open redirection vulnerability, tracked as CVE-2022-1702; and a use of shared and hard-coded cryptographic key bug, tracked as CVE-2022-1701 to obtain unauthorized internal resource access and facilitate redirections to malicious sites, according to SonicWall.
However, SMA 1000 series devices on software earlier than 12.4.0, as well as Central Management Servers, SMA 100 series, and remote access clients were not impacted by the flaws.
"There are no temporary mitigations. SonicWall urges impacted customers to implement applicable patches as soon as possible," said the company, which noted that there has not been active exploitation of the reported bugs so far.