A Server-side request forgery (SSRF) vulnerability has been identified in the SMA1000 Appliance Work Place interface, which in specific conditions could potentially enable a remote unauthenticated attacker to cause the appliance to make requests to an unintended location.
Fixes

Solution

No solution given by the vendor.


Workaround

No workaround given by the vendor.

History

Wed, 14 May 2025 17:45:00 +0000

Type Values Removed Values Added
References

Tue, 13 May 2025 20:45:00 +0000

Type Values Removed Values Added
First Time appeared Sonicwall
Sonicwall sma1000
Sonicwall sma1000 Firmware
CPEs cpe:2.3:h:sonicwall:sma1000:-:*:*:*:*:*:*:*
cpe:2.3:o:sonicwall:sma1000_firmware:*:*:*:*:*:*:*:*
Vendors & Products Sonicwall
Sonicwall sma1000
Sonicwall sma1000 Firmware

Fri, 02 May 2025 08:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Thu, 01 May 2025 14:45:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 7.2, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N'}


Wed, 30 Apr 2025 20:45:00 +0000

Type Values Removed Values Added
References

Wed, 30 Apr 2025 19:00:00 +0000

Type Values Removed Values Added
Description A Server-side request forgery (SSRF) vulnerability has been identified in the SMA1000 Appliance Work Place interface, which in specific conditions could potentially enable a remote unauthenticated attacker to cause the appliance to make requests to an unintended location.
Weaknesses CWE-918
References

cve-icon MITRE

Status: PUBLISHED

Assigner: sonicwall

Published:

Updated: 2025-05-14T16:34:26.710Z

Reserved: 2025-03-10T14:56:38.795Z

Link: CVE-2025-2170

cve-icon Vulnrichment

Updated: 2025-04-30T20:03:18.901Z

cve-icon NVD

Status : Modified

Published: 2025-04-30T19:15:55.227

Modified: 2025-05-14T17:15:47.997

Link: CVE-2025-2170

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

No data.