Security News > 2021 > June > Ransomware attackers are leveraging old SonicWall SRA flaw (CVE-2019-7481)
Crowdstrike now warns that a cyber-criminal group is exploiting CVE-2019-7481 - an older SQL injection vulnerability affecting SonicWall Secure Remote Access 4600 devices running firmware versions 8.x and 9.x - to penetrate organizations' networks.
"In some recent investigations, CrowdStrike's Incident Response team has had correlative evidence indicating a root cause via VPN access without brute forcing. These investigations have a common denominator: All organizations used SonicWall SRA VPN appliances running 9.0.0.5 firmware," researchers Heather Smith and Hanno Heinrichs noted.
Support for SonicWall SRA 4600 devices ended on 1 November 2019 and, since then, the company has been advising customers to upgrade to a newer, supported device line.
We all know that unsupported devices are often not promptly replaced, so the SonicWall PSIRT also told customers that older SRA devices could be patched by implementing SMA firmware updates.
It turns out that firmware version 9.0.0.5, the recommended patch prescribed for SMA devices in 2019, did not fix CVE-2019-7481 in SRA devices.
"While SonicWall's recommendation is to upgrade any legacy SRA devices to the 10.x versioning recommended in light of the 2021 zero-day disclosure, CrowdStrike would additionally recommend that organizations consider replacing any legacy models for newer devices that are in-scope for vendor testing and support," the researchers added.
News URL
http://feedproxy.google.com/~r/HelpNetSecurity/~3/EksLOMdbyDg/
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-12-17 | CVE-2019-7481 | SQL Injection vulnerability in Sonicwall SMA 100 Firmware 9.0.0.0/9.0.0.3 Vulnerability in SonicWall SMA100 allow unauthenticated user to gain read-only access to unauthorized resources. | 7.5 |