CVE-2025-23006

216.73.217.22

· Published 23/01/2025 12:15 · Modified 18/02/2025 20:15

Labels: CVE-2025-23006 2025-01-23 CVE-2025-23006 CWE-502 [email protected]

Essential information

Published: 23/01/2025 12:15
Modified: 18/02/2025 20:15
Author: —
Creator: —
CVSS: 9.8 CRITICAL (v3.1)
CISA KEV: No
CWE: —
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS metrics

Description

Pre-authentication deserialization of untrusted data vulnerability has been identified in the SMA1000 Appliance Management Console (AMC) and Central Management Console (CMC), which in specific conditions could potentially enable a remote unauthenticated attacker to execute arbitrary OS commands.

NVD status

Status: Modified — CVE has been recently published to the CVE List and has been received by the NVD.
Source: [email protected]
NVD: View on NVD

Affected products (CPE)

Product	CPE
sonicwall / sma8200v	`cpe:2.3:a:sonicwall:sma8200v::::::::`
sonicwall / sma6200 firmware	`cpe:2.3:o:sonicwall:sma6200_firmware::::::::`
sonicwall / sma6200	`cpe:2.3:h:sonicwall:sma6200:-:::::::*`
sonicwall / sma6210 firmware	`cpe:2.3:o:sonicwall:sma6210_firmware::::::::`
sonicwall / sma6210	`cpe:2.3:h:sonicwall:sma6210:-:::::::*`
sonicwall / sma7200 firmware	`cpe:2.3:o:sonicwall:sma7200_firmware::::::::`
sonicwall / sma7200	`cpe:2.3:h:sonicwall:sma7200:-:::::::*`
sonicwall / sma7210 firmware	`cpe:2.3:o:sonicwall:sma7210_firmware::::::::`
sonicwall / sma7210	`cpe:2.3:h:sonicwall:sma7210:-:::::::*`
sonicwall / sra ex6000 firmware	`cpe:2.3:o:sonicwall:sra_ex6000_firmware::::::::`
sonicwall / sra ex6000	`cpe:2.3:h:sonicwall:sra_ex6000:-:::::::*`
sonicwall / sra ex7000 firmware	`cpe:2.3:o:sonicwall:sra_ex7000_firmware::::::::`
sonicwall / sra ex7000	`cpe:2.3:h:sonicwall:sra_ex7000:-:::::::*`
sonicwall / sra ex9000 firmware	`cpe:2.3:o:sonicwall:sra_ex9000_firmware::::::::`
sonicwall / sra ex9000	`cpe:2.3:h:sonicwall:sra_ex9000:-:::::::*`