SonicWall SMA1000 Server-Side Request Forgery Vulnerability

Vulnerability

A server-side request forgery (SSRF) vulnerability exists in the SonicWall SMA1000 Appliance Work Place interface. This vulnerability allows remote, unauthenticated attackers to send encoded URLs that the appliance will use to make requests to unintended locations. The issue is present in SMA1000 versions through 12.4.3-02925.

Impact

By exploiting this vulnerability, an attacker can make the appliance send requests to internal or external resources, potentially leading to unauthorized information disclosure or interaction with internal services.

Remediation

Users are advised to upgrade to SonicWall SMA1000 version 12.4.3-02963 or higher. The latest platform-hotfix can be downloaded from mysonicwall.com.
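For fleet triage against the two version boundaries stated in this advisory, the following added example (not SonicWall's code or tooling) classifies reported version strings. It assumes the `major.minor.patch-build` format shown above; the function names, hostnames and inventory values are constructed for illustration.

```python
import re

# Boundaries taken from the advisory text above.
LAST_AFFECTED = (12, 4, 3, 2925)   # "through 12.4.3-02925"
FIRST_FIXED = (12, 4, 3, 2963)     # "12.4.3-02963 or higher"

_VERSION_RE = re.compile(r"^\s*(\d+)\.(\d+)\.(\d+)-(\d+)\s*$")


def parse_version(text):
    """Turn 'major.minor.patch-build' into a tuple of ints, or None if malformed."""
    m = _VERSION_RE.match(text)
    return tuple(int(g) for g in m.groups()) if m else None


def classify(text):
    """Return 'affected', 'fixed', 'unlisted' or 'unparsed' for one version string."""
    v = parse_version(text)
    if v is None:
        return "unparsed"          # incomplete string: check the appliance by hand
    if v >= FIRST_FIXED:
        return "fixed"
    if v <= LAST_AFFECTED:
        return "affected"
    # Builds between the two boundaries are not mentioned in the advisory.
    return "unlisted"


def triage(inventory):
    """Map {hostname: version string} to {status: sorted hostnames}."""
    result = {}
    for host, version in inventory.items():
        result.setdefault(classify(version), []).append(host)
    return {status: sorted(hosts) for status, hosts in result.items()}


# Constructed inventory: hostnames and version strings are sample values.
SAMPLE = {
    "sma-a.example": "12.4.3-02925",
    "sma-b.example": "12.4.3-02963",
    "sma-c.example": "12.4.3-02940",
    "sma-d.example": "12.4.2-05000",   # older release with a larger build number
    "sma-e.example": "12.4.3",         # build suffix missing
}

if __name__ == "__main__":
    for status, hosts in sorted(triage(SAMPLE).items()):
        print(f"{status}: {', '.join(hosts)}")
```

Comparing the full tuple rather than the build suffix alone keeps an older release with a larger build number in the affected group.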

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm
spread: 1.0
impact: 1.3
exploitability: 7.6
remediation: 7.7
relevance: 0.0
threat: 0.0
urgency: 2.9
incentive: 5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.