Security News > 2021 > September > SonicWall fixes critical bug allowing SMA 100 device takeover

SonicWall fixes critical bug allowing SMA 100 device takeover
2021-09-24 06:19

SonicWall has patched a critical security flaw impacting several Secure Mobile Access 100 series products that can let unauthenticated attackers remotely gain admin access on targeted devices.

The SMA 100 series appliances vulnerable to attacks targeting the improper access control vulnerability tracked as CVE-2021-20034 includes SMA 200, 210, 400, 410, and 500v. There are no temporary mitigations to remove the attack vector, and SonicWall strongly urges impacted customers to deploy security updates that address the flaw as soon as possible.

SonicWall asked organizations using SMA 100 series appliances to immediately log in to MySonicWall.com to upgrade the appliances to the patched firmware versions outlined in the table embedded below.

SonicWall SMA 100 series appliances have been targeted by ransomware gangs multiple times since the start of 2021, with the end goal of moving laterally into the target organization's network.

A threat group Mandiant tracks as UNC2447 exploited the CVE-2021-20016 zero-day bug in SonicWall SMA 100 appliances to deploy a new ransomware strain known as FiveHands.

Two months ago, in July, SonicWall warned of an increased risk of ransomware attacks targeting unpatched end-of-life SMA 100 series and Secure Remote Access products.


News URL

https://www.bleepingcomputer.com/news/security/sonicwall-fixes-critical-bug-allowing-sma-100-device-takeover/

Related Vulnerability

DATE CVE VULNERABILITY TITLE RISK
2021-09-27 CVE-2021-20034 Path Traversal vulnerability in Sonicwall products
An improper access control vulnerability in SMA100 allows a remote unauthenticated attacker to bypass the path traversal checks and delete an arbitrary file potentially resulting in a reboot to factory default settings.
network
low complexity
sonicwall CWE-22
critical
9.1
2021-02-04 CVE-2021-20016 SQL Injection vulnerability in Sonicwall products
A SQL-Injection vulnerability in the SonicWall SSLVPN SMA100 product allows a remote unauthenticated attacker to perform SQL query to access username password and other session related information.
network
low complexity
sonicwall CWE-89
critical
9.8

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Sonicwall 113 0 41 74 38 153
SMA 42 0 0 8 8 16