SonicWall PSIRT has confirmed an Encoded URL Server-Side Request Forgery vulnerability affecting SMA 1000 appliances, including SMA 6210, SMA 7200, SMA 7210, SMA 8200v & Central Management Server (CMS).
SonicWall is not aware of active exploitation in the wild. There have not been any reports of malicious use of this vulnerability reported to SonicWall.
This vulnerability is unrelated to any other reported vulnerability on SonicOS SSL VPN or SMA 100 products.
Impacted products include SMA 1000 (6210, 7200, 7210, 8200v – all hypervisors) and impacted versions include 12.4.3-02925 and earlier versions.
SonicWall strongly advises Secure Mobile Access customers to upgrade to the latest release version.
