An observable response discrepancy vulnerability in the SonicWall SMA1000 series appliances allows a remote attacker to enumerate SSL VPN u…
An observable response discrepancy vulnerability in the SonicWall SMA1000 series appliances allows a remote attacker to enumerate SSL VPN user credentials.
The product provides different responses to incoming requests in a way that reveals internal state information to an unauthorized actor outside of the intended control sphere.
https://cwe.mitre.org/data/definitions/204.html →Open in CWE collection →An adversary sends a UDP packet to a closed port on the target machine to solicit an IP Header's total length field value within the echoed 'Port Unreachable" error message. This type of behavior is useful for building a signature-base of operating system responses, particularly when error messages contain other types of information that is useful identifying specific operating system responses.
https://capec.mitre.org/data/definitions/331.html →Open in CAPEC collection →An adversary sends a UDP datagram having an assigned value to its internet identification field (ID) to a closed port on a target to observe the manner in which this bit is echoed back in the ICMP error message. This allows the attacker to construct a fingerprint of specific OS behaviors.
https://capec.mitre.org/data/definitions/332.html →Open in CAPEC collection →An adversary engages in fingerprinting activities to determine the type or version of an application installed on a remote target.
https://capec.mitre.org/data/definitions/541.html →Open in CAPEC collection →An adversary engages in active probing and exploration activities to determine security information about a remote target system. Often times adversaries will rely on remote applications that can be probed for system configurations.
https://capec.mitre.org/data/definitions/580.html →Open in CAPEC collection →| Product | Vendor | Status |
|---|---|---|
| sma6200_firmware | * | Tracked |
| sma6210_firmware | * | Tracked |
| sma7200_firmware | * | Tracked |
| sma7210_firmware | * | Tracked |
| sma8200v | * | Tracked |