CVE-2023-5970

Summary

Improper authentication in the SMA100 SSL-VPN virtual office portal allows a remote authenticated attacker to create an identical external domain user using accent characters, resulting in an MFA bypass.

Affected Software

VendorProductVersion RangeStatus
SonicWallSMA10010.2.1.9-57sv and earlier versionsaffected

Weaknesses

  • CWE-287: CWE-287 Improper Authentication

ADP Enrichment

CVE Program Container

Additional References

References