Improper authentication in the SMA100 SSL-VPN virtual office portal allows a remote authenticated attacker to create an identical external domain user using accent characters, resulting in an MFA bypass.

Related CVEs

CVE-2023-5970

Key Information

GHSA ID

GHSA-8w95-32fx-8c6h

Published

December 5, 2023 9:31 PM

Last Modified

December 13, 2023 6:30 PM

CVSS Score

7.5 /10

Primary Ecosystem

Unknown

Primary Package

Unknown

GitHub Reviewed

✗ No

Dataset

Last updated: August 24, 2025 6:28 AM

Data from GitHub Advisory Database. This information is provided for research and educational purposes.