Dell SonicWALL Secure Mobile Access SMA 8.1 XSS And WAF CSRF

Medium
Advisory ID: ZSL-2016-5392
Release Date: 29 December 2016
Affected Version: 8.1 (SSL-VPN)
CVE: N/A
Tested On: SonicWALL SSL-VPN Web Server

Summary

Keep up with the demands of today’s remote workforce. Enable secure mobile access to critical apps and data without compromising security. Choose from a variety of scalable secure mobile access (SMA) appliances and intuitive Mobile Connect apps to fit every size business and budget.

Description

SonicWALL SMA suffers from an XSS issue due to a failure to properly sanitize user-supplied input to several parameters. Attackers can exploit this weakness to execute arbitrary HTML and script code in a user's browser session. The WAF was bypassed via form-based CSRF.

Proof of Concept
Disclosure Timeline
26.01.2016: Vulnerability discovered.
29.01.2016: Vendor contacted.
29.01.2016: Vendor responds asking for more details and providing PGP keys.
29.01.2016: Sent details to the vendor.
29.01.2016: Vendor confirms receipt of the issues, forwarding to engineering team.
12.02.2016: Asked vendor for status update.
12.02.2016: Vendor confirms the issues, scheduling a patch release.
23.02.2016: Asked vendor for status update.
24.02.2016: Vendor replied.
19.04.2016: Asked vendor for status update.
20.04.2016: Vendor replied.
22.04.2016: Working with the vendor.
11.07.2016: Vendor releases patch in SMA 100 Series 8.1.0.3 to address this issue.
29.12.2016: Coordinated public security advisory released.
Credits
Vulnerability discovered by Gjoko Krstic
References
Changelog
29.12.2016: Initial release
02.01.2017: Added references [3], [4] and [5]
29.01.2017: Added references [6] and [7]
10.03.2017: Added reference [8]