CVE-2023-5970

CVE-2023-5970

Vendor Sonicwall
Product SMA100
Weakness CWE-287 · Improper authentication
Published December 5, 2023
Last update August 2, 2024

CVSS base score

What the vulnerability does

01Description

Improper authentication in the SMA100 SSL-VPN virtual office portal allows a remote authenticated attacker to create an identical external domain user using accent characters, resulting in an MFA bypass.

Key dates

02Disclosure timeline

December 5, 2023 CVE published
August 2, 2024 Record updated