
[CIVN-2025-0379] Local Privilege Escalation Vulnerability in SonicWall SMA1000 Appliance
Local Privilege Escalation Vulnerability in SonicWall SMA1000 Appliance
Indian – Computer Emergency Response Team (https://www.cert-in.org.in)
Severity Rating: MEDIUM
Software Affected
SonicWall SMA1000 versions prior to 12.4.3-03245 (platform-hotfix)
SonicWall SMA1000 versions prior to 12.5.0-02283 (platform-hotfix)
Overview
A vulnerability has been reported in the SonicWall SMA1000 appliance that an attacker could exploit to gain elevated privileges and unauthorized access on the targeted device.
Target Audience:
All organizations and individuals using SonicWall SMA1000 appliances.
Risk Assessment:
High risk of privilege escalation and unauthorized administrative access.
Impact Assessment:
Potential for elevated privileges, unauthorized configuration changes, and compromise of appliance security.
Description
SonicWall SMA1000 is a secure remote access appliance that provides VPN connectivity and centralized management for enterprise environments through its Appliance Management Console (AMC).
This vulnerability exists in the SonicWall SMA1000 due to insufficient authorization checks within the Appliance Management Console, allowing a low-privileged user to perform actions beyond their assigned permissions.
Successful exploitation of this vulnerability could allow an attacker to escalate privileges on the targeted device.
Note: SonicWall Firewall products are not affected by this vulnerability.
Solution
Apply appropriate updates as mentioned by the vendor:
https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2025-0019
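To find which appliances still need the update, the two fixed builds under "Software Affected" can be checked per release train, since comparing build numbers across trains gives wrong answers (12.5.0-02283 is fixed although its build number is lower than 03245). This is an added example, not code from CERT-In or SonicWall; the `major.minor.patch-build` string format, the `review` status for unlisted trains and the sample inventory are assumptions.

```python
import re

# Fixed builds from "Software Affected", keyed by release train.
FIXED_BUILDS = {
    (12, 4, 3): 3245,  # 12.4.3-03245 (platform-hotfix)
    (12, 5, 0): 2283,  # 12.5.0-02283 (platform-hotfix)
}
# Assumed version string format: major.minor.patch-build
VERSION_RE = re.compile(r"^\s*(\d+)\.(\d+)\.(\d+)-(\d+)\s*$")


def parse_version(text):
    """Split 'major.minor.patch-build' into ((major, minor, patch), build)."""
    m = VERSION_RE.match(text)
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    major, minor, patch, build = (int(g) for g in m.groups())
    return (major, minor, patch), build


def assess(version_text):
    """Return 'affected', 'fixed' or 'review' for one reported version."""
    train, build = parse_version(version_text)
    if train in FIXED_BUILDS:
        # Compare the build only against the fix for the same train.
        return "affected" if build < FIXED_BUILDS[train] else "fixed"
    if train < min(FIXED_BUILDS):
        # Older than the earliest listed train: prior to 12.4.3-03245.
        return "affected"
    # Assumption: trains the advisory does not list are left for manual
    # comparison against the vendor advisory rather than guessed at.
    return "review"


def triage(inventory):
    """Map hostname -> status; unparseable versions are sent to 'review'."""
    result = {}
    for host, version in inventory.items():
        try:
            result[host] = assess(version)
        except ValueError:
            result[host] = "review"
    return result


# Constructed inventory: hostnames and build numbers are sample values.
SAMPLE_INVENTORY = {"sma-a": "12.4.3-03100", "sma-b": "12.4.3-03245",
                    "sma-c": "12.5.0-02000", "sma-d": "12.5.0-02283"}

if __name__ == "__main__":
    for host, status in triage(SAMPLE_INVENTORY).items():
        print(f"{host}: {status}")
```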
Vendor Information
SonicWall
https://psirt.global.sonicwall.com/vuln-list
References
https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2025-0019
CVE Name
CVE-2025-40602
Thanks and Regards,
CERT-In
Incident Response Help Desk
e-mail: incident@cert-in.org.in
Phone: +91-11-22902657
Toll Free Number: 1800-11-4949
Toll Free Fax : 1800-11-6969
Web: http://www.cert-in.org.in
PGP Fingerprint: A768 083E 4475 5725 B81A A379 2156 C0C0 B620 D0B4
PGP Key information:
https://www.cert-in.org.in/s2cMainServlet?pageid=CONTACTUS
Postal address:
Indian Computer Emergency Response Team (CERT-In)
Ministry of Electronics and Information Technology
Government of India
Electronics Niketan
6, C.G.O. Complex
New Delhi-110 003


