Description
Improper neutralization of a SQL Command leading to SQL Injection vulnerability impacting end-of-life Secure Remote Access (SRA) products, specifically the SRA appliances running all 8.x firmware and 9.0.0.9-26sv or earlier
CVSS breakdown
CVSS 3.1
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High
Affected products
- SonicWall / SonicWall SRA/SMA1008.x firmware – 8.x firmware
- SonicWall / SonicWall SRA/SMA1009.0.0.9-26sv and earlier. – 9.0.0.9-26sv and earlier.