A potential exposure of sensitive information in log files in SonicWall SMA100 Series appliances may allow a remote, authenticated administrator, under certain conditions to view partial users credential data.
Attack Parameters
Attack Vector
Network
Can be exploited remotely
Attack Complexity
Low
Easy to exploit
Privileges Required
High
Admin privileges needed
User Interaction
Required
User action required
Impact Assessment
Confidentiality
High
Complete data leak
Integrity
None
No data modification
Availability
None
No disruption
CVSS Vector v3.1
Weakness Type (CWE)
Vulnerable Products 6
| Configuration | From (including) | Up to (excluding) |
|---|---|---|
|
Sonicwall Sma_210_Firmware
cpe:2.3:o:sonicwall:sma_210_firmware:*:*:*:*:*:*:*:*
|
— |
10.2.2.3
|
|
Sonicwall Sma_210
cpe:2.3:h:sonicwall:sma_210:-:*:*:*:*:*:*:*
|
— | — |
|
Sonicwall Sma_410_Firmware
cpe:2.3:o:sonicwall:sma_410_firmware:*:*:*:*:*:*:*:*
|
— |
10.2.2.3
|
|
Sonicwall Sma_410
cpe:2.3:h:sonicwall:sma_410:-:*:*:*:*:*:*:*
|
— | — |
|
Sonicwall Sma_500v_Firmware
cpe:2.3:o:sonicwall:sma_500v_firmware:*:*:*:*:*:*:*:*
|
— |
10.2.2.3
|
|
Sonicwall Sma_500v
cpe:2.3:h:sonicwall:sma_500v:-:*:*:*:*:*:*:*
|
— | — |