CVE-2023-5970

CVSS 3.1 Score 8.8 of 10 (high)

Details

Published Dec 5, 2023

Updated: Dec 13, 2023

CWE ID 287

Summary

CVE-2023-5970 is a cybersecurity vulnerability affecting the SMA100 SSL-VPN virtual office portal. This issue involves an improper authentication process that enables a remote authenticated attacker to create an identical external domain user account using accent characters. As a result, the attacker can bypass Multi-Factor Authentication (MFA), potentially gaining unauthorized access to sensitive information. The vulnerability poses a significant risk to organizations using this SSL-VPN solution and requires immediate attention for patching or mitigation.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

SonicWall Inc.

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/tTE2Ze
https://www.cve.org/CVERecord?id=CVE-2023-5970
https://nvd.nist.gov/vuln/detail/CVE-2023-5970

Back to Vulnerability Database

CVE-2023-5970

CVSS 3.1 Score 8.8 of 10 (high)

Details

Summary

Affected Vendors

Advisories, Assessments, and Mitigations