
SonicWall Patches SMA Zero-Day Vulnerability Exploited in Attacks
2021-02-04 12:15

SonicWall on Wednesday announced that it released firmware updates for its Secure Mobile Access 100 series appliances to patch an actively exploited zero-day vulnerability.

SonicWall, which specializes in firewalls and other cybersecurity solutions, previously told SecurityWeek that a few thousand devices are exposed to attacks due to the vulnerability.

The critical patch can be applied to SMA 200, 210, 400 and 410 physical appliances, and SMA 500v virtual appliances on Azure, AWS, ESXi and Hyper-V. Other SonicWall products do not appear to be impacted.

"A vulnerability resulting in improper SQL command neutralization in the SonicWall SSLVPN SMA100 product allows remote exploitation for credential access by an unauthenticated attacker," reads SonicWall's advisory for CVE-2021-20016.

SonicWall informed customers on January 22 that its internal systems were targeted in an attack apparently launched by sophisticated threat actors that may have exploited zero-day vulnerabilities in the company's secure remote access products.

Until the patches were made available, SonicWall shared some recommendations on how customers can prevent potential attacks, including by enabling multi-factor authentication, blocking access to appliances on the firewall, shutting down vulnerable devices, or downgrading firmware to a version that is not affected.


News URL

http://feedproxy.google.com/~r/Securityweek/~3/JhcZy_eB1TM/sonicwall-patches-sma-zero-day-vulnerability-exploited-attacks

Related Vulnerability

DATE | CVE | VULNERABILITY TITLE | RISK
2021-02-04 | CVE-2021-20016 | SQL Injection vulnerability in Sonicwall products | critical 9.8

A SQL-Injection vulnerability in the SonicWall SSLVPN SMA100 product allows a remote unauthenticated attacker to perform SQL query to access username password and other session related information.

network, low complexity, sonicwall, CWE-89

Related vendor

VENDOR | #/PRODUCTS | LOW | MEDIUM | HIGH | CRITICAL | TOTAL VULNS
Sonicwall | 113 | 0 | 41 | 74 | 38 | 153
SMA | 42 | 0 | 0 | 8 | 8 | 16