QwikSec

Security Database

CVE

CWE

Training

CVE-2023-44221

Published: Dec 5, 2023

Modified: Oct 21, 2025

PUBLISHED

Description

Improper neutralization of special elements in the SMA100 SSL-VPN management interface allows a remote authenticated attacker with administrative privilege to inject arbitrary commands as a 'nobody' user, potentially leading to OS Command Injection Vulnerability.

Vendor	Product	Versions
SonicWall	SMA100	affected `10.2.1.9-57sv and earlier versions`

Weaknesses (CWE)

References

https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2023-0018

vendor-advisory

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.