vulnerability

SonicWall SMA 100: CVE-2023-5970: SonicWall SSL-VPN SMA100 Version 10.x Is Affected By Multiple Vulnerabilities

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
9	(AV:N/AC:L/Au:S/C:C/I:C/A:C)	Dec 5, 2023	Apr 30, 2025	Nov 12, 2025

Severity

CVSS

(AV:N/AC:L/Au:S/C:C/I:C/A:C)

Published

Dec 5, 2023

Added

Apr 30, 2025

Modified

Nov 12, 2025

Description

Improper authentication in the SMA100 SSL-VPN virtual office portal allows a remote authenticated attacker to create an identical external domain user using accent characters, resulting in an MFA bypass.

Solution

sonicwall-sma-100-upgrade-10_2_1_10-62

References

CVE-2023-5970
https://attackerkb.com/topics/CVE-2023-5970
CWE-287
URL-https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2023-0018
URL-https://www.sonicwall.com/support/notices/231127094418307

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today