Description
An Improper Authentication vulnerability in the SSLVPN authentication mechanism allows a remote attacker to bypass authentication.
CVSS breakdown
CVSS 3.1
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
Low
Integrity
None
Availability
High
Affected products
- SonicWall / SonicOS7.1.1-7058 and older versions β 7.1.1-7058 and older versions
- SonicWall / SonicOS7.1.2-7019 β 7.1.2-7019
- SonicWall / SonicOS8.0.0-8035 β 8.0.0-8035
Exploits & PoCs
- nucleiSSL VPN Session Hijackingby johnk3r