
PEACH
Un cadre d’isolation des locataires
CVE-2026-15410 is a post-authentication code injection vulnerability (CWE-94) in the SonicWall SMA1000 Appliance Management Console (AMC) that allows a remote authenticated attacker with administrator privileges to execute arbitrary OS commands under specific conditions. It affects SMA1000 firmware versions 12.4.3-03245 through 12.4.3-03434 and 12.5.0-02283 through 12.5.0-02800. The vulnerability was published on July 14, 2026, and was immediately added to the CISA Known Exploited Vulnerabilities (KEV) catalog the same day with a remediation due date of July 17, 2026. It carries a CVSS v3.1 base score of 7.2 (High) (SonicWall PSIRT, CISA KEV).
The vulnerability is classified as CWE-94 (Improper Control of Generation of Code / Code Injection) and resides in the SMA1000 Appliance Management Console (AMC). An authenticated attacker with administrator-level access can inject malicious code through the AMC interface that is subsequently executed as OS commands on the underlying system under specific conditions. Because exploitation requires prior administrative authentication, the attack complexity is low but the privilege requirement is high, limiting the attack surface to compromised or malicious admin accounts. No detailed public technical write-up or PoC exploit code with confirmed working functionality has been identified at this time (SonicWall PSIRT, CISA KEV).
Successful exploitation grants a remote attacker the ability to execute arbitrary OS commands on the SMA1000 appliance, resulting in full compromise of confidentiality, integrity, and availability of the affected device. An attacker could use this access to exfiltrate VPN credentials and session data, pivot into internal network segments protected by the SMA1000, deploy persistent backdoors, or disrupt remote access services for enterprise users. Given the SMA1000's role as a secure remote access gateway, compromise of the appliance poses significant risk of lateral movement into the broader enterprise network (SonicWall PSIRT, BleepingComputer).
/bin/sh, /bin/bash, or utilities like curl, wget, nc); unusual cron jobs or scheduled tasks created on the appliance.SonicWall has issued an urgent security advisory (SNWLID-2026-0008) and organizations should apply the vendor-provided patches immediately. Affected versions are SMA1000 12.4.3-03245 through 12.4.3-03434 and 12.5.0-02283 through 12.5.0-02800; users should upgrade to the fixed firmware versions referenced in the SonicWall advisory. CISA's BOD 26-04 mandates that federal agencies apply mitigations by July 17, 2026, or discontinue use of the product if mitigations are unavailable. As interim workarounds, restrict AMC access to trusted administrator IPs only via firewall rules or ACLs, enforce multi-factor authentication on all administrative accounts, and monitor AMC logs for anomalous activity. Network segmentation to isolate the SMA1000 management interface from general network access is also strongly recommended (SonicWall PSIRT, CISA KEV).
SonicWall issued an urgent advisory urging immediate patching, describing the vulnerabilities as actively exploited zero-days (SonicWall PSIRT). BleepingComputer and The Hacker News both published prominent coverage highlighting the zero-day nature of the attacks and the pairing with CVE-2026-15409, driving significant community attention (BleepingComputer, The Hacker News). SecurityWeek noted the urgency of the patch warning, and Security Affairs covered CISA's addition of the flaws to the KEV catalog. Multiple national CERTs including Canada's CCCS, Singapore's CSA, and Hong Kong's HKCERT issued independent advisories, reflecting broad international concern about the active exploitation (Canadian CCCS, Singapore CSA). Reddit communities including r/cybersecurity and r/sonicwall saw active discussion urging immediate patching of affected appliances.
Source: Ce rapport a été généré à l’aide de l’IA
Évaluation gratuite des vulnérabilités
Évaluez vos pratiques de sécurité cloud dans 9 domaines de sécurité pour évaluer votre niveau de risque et identifier les failles dans vos défenses.
Obtenez une démo personnalisée
"La meilleure expérience utilisateur que j’ai jamais vue, offre une visibilité totale sur les workloads cloud."
"Wiz fournit une interface unique pour voir ce qui se passe dans nos environnements cloud."
"Nous savons que si Wiz identifie quelque chose comme critique, c’est qu’il l’est réellement."