CVE-2023-5970

EPSS 0.9%CWE-287

Improper authentication in the SMA100 SSL-VPN virtual office portal allows a remote authenticated attacker to create an identical external domain user using accent characters, resulting in an MFA bypass.

Affected products

SonicWall · SMA100

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2023-0018