Description
An observable response discrepancy vulnerability in the SonicWall SMA1000 series appliances allows a remote attacker to enumerate SSL VPN user credentials.
Published: 2026-04-09
Score: 7.2 High
EPSS: < 1% Very Low
KEV: No
Impact: Credential Enumeration
Action: Apply Patch
AI Analysis

Impact

The vulnerability is an observable response discrepancy that allows attackers to determine valid SSL VPN usernames on a SonicWall SMA1000 appliance. It is a CWE-204 type flaw, where differences in the service’s responses are used as a side‑channel to enumerate user credentials, potentially exposing sensitive login information and enabling further credential‑based attacks if passwords are weak.

Affected Systems

All models of the SonicWall SMA1000 series are affected; the advisory does not list specific firmware or model revisions, so any installed SMA1000 unit should be considered vulnerable until an official update is released.

Risk and Exploitability

The CVSS score of 7.2 places this issue in the high‑severity range, but the EPSS figure of less than 1% indicates that exploitation has not yet been observed or is rare. It is not listed in the CISA KEV catalog. Attackers are likely to use a remote, unauthenticated method that observes timing or content differences in server responses to enumerate usernames. If enumeration succeeds, valid usernames can be leveraged for further attacks, especially if passwords are weak or reused.

Generated by OpenCVE AI on April 13, 2026 at 22:40 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update the SonicWall SMA1000 firmware to the latest version that fixes the response‑discrepancy flaw.
  • Restrict external access to the SSL VPN interface to trusted IP addresses or subnets if a patch is not yet available.
  • Consider disabling the SSL VPN service when it is not required.
  • Monitor VPN logs for repeated attempts to observe response discrepancies that may indicate enumeration attempts.
  • Contact SonicWall support for any interim mitigation advice.

Generated by OpenCVE AI on April 13, 2026 at 22:40 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Tue, 14 Apr 2026 16:45:00 +0000

Type Values Removed Values Added
Title SSL VPN Credential Enumeration via Observable Response Discrepancy on SonicWall SMA1000

Mon, 13 Apr 2026 19:15:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 7.2, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H'}

ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Fri, 10 Apr 2026 10:00:00 +0000

Type Values Removed Values Added
Title SSL VPN Credential Enumeration via Observable Response Discrepancy on SonicWall SMA1000

Fri, 10 Apr 2026 09:00:00 +0000

Type Values Removed Values Added
First Time appeared Sonicwall
Sonicwall sma1000
Vendors & Products Sonicwall
Sonicwall sma1000

Thu, 09 Apr 2026 15:00:00 +0000

Type Values Removed Values Added
Description An observable response discrepancy vulnerability in the SonicWall SMA1000 series appliances allows a remote attacker to enumerate SSL VPN user credentials.
Weaknesses CWE-204
References

Subscriptions

Sonicwall Sma1000
cve-icon MITRE

Status: PUBLISHED

Assigner: sonicwall

Published:

Updated: 2026-04-13T18:27:04.538Z

Reserved: 2026-03-13T11:57:20.974Z

Link: CVE-2026-4113

cve-icon Vulnrichment

Updated: 2026-04-13T18:26:55.843Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2026-04-09T15:16:13.683

Modified: 2026-04-13T19:16:52.533

Link: CVE-2026-4113

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-14T16:36:57Z

Weaknesses