Pre-authentication deserialization of untrusted data vulnerability has been identified in the SMA1000 Appliance Management Console (AMC) and Central Management Console (CMC), which in specific conditions could potentially enable a remote unauthenticated attacker to execute arbitrary OS commands.
2025-01-23T12:15:28.523
2025-10-31T15:56:18.303
Analyzed
CVSSv3.1: 9.8 (CRITICAL)
| Type | Vendor | Product | Version/Range | Vulnerable? |
|---|---|---|---|---|
| Application | sonicwall | sma8200v | < 12.4.3-02854 | Yes |
| Operating System | sonicwall | sma6200_firmware | < 12.4.3-02854 | Yes |
| Hardware | sonicwall | sma6200 | - | No |
| Operating System | sonicwall | sma6210_firmware | < 12.4.3-02854 | Yes |
| Hardware | sonicwall | sma6210 | - | No |
| Operating System | sonicwall | sma7200_firmware | < 12.4.3-02854 | Yes |
| Hardware | sonicwall | sma7200 | - | No |
| Operating System | sonicwall | sma7210_firmware | < 12.4.3-02854 | Yes |
| Hardware | sonicwall | sma7210 | - | No |
| Operating System | sonicwall | sra_ex6000_firmware | ≤ 12.4.3-02804 | Yes |
| Hardware | sonicwall | sra_ex6000 | - | No |
| Operating System | sonicwall | sra_ex7000_firmware | ≤ 12.4.3-02804 | Yes |
| Hardware | sonicwall | sra_ex7000 | - | No |
| Operating System | sonicwall | sra_ex9000_firmware | ≤ 12.4.3-02804 | Yes |
| Hardware | sonicwall | sra_ex9000 | - | No |