What is the severity of CVE-2024-22395?

CVE-2024-22395 has been assessed as a medium severity vulnerability due to improper access control leading to potential multi-factor authentication (MFA) association issues.

How do I fix CVE-2024-22395?

To mitigate CVE-2024-22395, upgrade your SonicWall SMA firmware to version 10.2.1.11-65sv or later.

Which devices are affected by CVE-2024-22395?

CVE-2024-22395 affects SonicWall SMA 200, SMA 210, SMA 400, SMA 410, and SMA 500v firmware versions prior to 10.2.1.11-65sv.

Can CVE-2024-22395 be exploited remotely?

Yes, CVE-2024-22395 may allow a remote authenticated attacker to exploit the vulnerability under certain conditions.

What are the implications of CVE-2024-22395?

The implications of CVE-2024-22395 include unauthorized access to another user's MFA application, which could lead to compromised accounts.

Vulnerability/
CVE-2024-22395

medium

6.3

CWE

287

23/2/2024

5/12/2024

CVE-2024-22395

First published: Fri Feb 23 2024(Updated: )

Improper access control vulnerability has been identified in the SMA100 SSL-VPN virtual office portal, which in specific conditions could potentially enable a remote authenticated attacker to associate another user's MFA mobile application.

Credit: PSIRT@sonicwall.com

Affected Software	Affected Version	How to fix
All of
SonicWall SMA 200	<10.2.1.11-65sv
SonicWall SMA 200 firmware
All of
SonicWall SMA 210	<10.2.1.11-65sv
SonicWall SMA 210 Firmware
All of
SonicWall SMA 400	<10.2.1.11-65sv
SonicWall SMA 400 firmware
All of
SonicWall SMA 410	<10.2.1.11-65sv
SonicWall SMA 410
All of
SonicWall SMA 500v Firmware	<10.2.1.11-65sv
SonicWall SMA 500v Firmware

Never miss a vulnerability like this again

Reference Links

https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2024-0001

Frequently Asked Questions

What is the severity of CVE-2024-22395?
CVE-2024-22395 has been assessed as a medium severity vulnerability due to improper access control leading to potential multi-factor authentication (MFA) association issues.
How do I fix CVE-2024-22395?
To mitigate CVE-2024-22395, upgrade your SonicWall SMA firmware to version 10.2.1.11-65sv or later.
Which devices are affected by CVE-2024-22395?
CVE-2024-22395 affects SonicWall SMA 200, SMA 210, SMA 400, SMA 410, and SMA 500v firmware versions prior to 10.2.1.11-65sv.
Can CVE-2024-22395 be exploited remotely?
Yes, CVE-2024-22395 may allow a remote authenticated attacker to exploit the vulnerability under certain conditions.
What are the implications of CVE-2024-22395?
The implications of CVE-2024-22395 include unauthorized access to another user's MFA application, which could lead to compromised accounts.

agent/weakness
agent/references
agent/first-publish-date
agent/type
agent/description
agent/severity
agent/author
agent/event
collector/mitre-cve
source/MITRE
agent/last-modified-date
agent/source
agent/tags
agent/softwarecombine
collector/nvd-api
source/NVD
agent/software-canonical-lookup
agent/software-canonical-lookup-request
vendor/sonicwall
canonical/sonicwall sma 200 firmware
canonical/sonicwall sma 210
canonical/sonicwall sma 210 firmware
canonical/sonicwall sma 400 firmware
canonical/sonicwall sma 410
canonical/sonicwall sma 500v firmware

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.