Security News > 2021 > September > SonicWall Issues Patches for a New Critical Flaw in SMA 100 Series Devices

SonicWall Issues Patches for a New Critical Flaw in SMA 100 Series Devices
2021-09-24 22:41

Network security company SonicWall has addressed a critical security vulnerability affecting its Secure Mobile Access 100 series appliances that can permit remote, unauthenticated attackers to gain administrator access on targeted devices remotely.

Tracked as CVE-2021-20034, the arbitrary file deletion flaw is rated 9.1 out of a maximum of 10 on the CVSS scoring system, and could allow an adversary to bypass path traversal checks and delete any file, causing the devices to reboot to factory default settings.

"The vulnerability is due to an improper limitation of a file path to a restricted directory potentially leading to arbitrary file deletion as 'nobody,'" the San Jose-based firm noted in an advisory published Thursday.

9.0.0.10-28sv and earlier.

10.2.0.7-34sv and earlier.

Given that there are no workarounds to remediate the attack vector and SonicWall devices have become a lucrative target for threat actors to deploy ransomware in recent months, customers are advised to implement applicable patches as soon as possible to mitigate any potential exploitation risk.


News URL

http://feedproxy.google.com/~r/TheHackersNews/~3/XZ03V3AHhdQ/sonicwall-issues-patches-for-new.html

Related Vulnerability

DATE CVE VULNERABILITY TITLE RISK
2021-09-27 CVE-2021-20034 Path Traversal vulnerability in Sonicwall products
An improper access control vulnerability in SMA100 allows a remote unauthenticated attacker to bypass the path traversal checks and delete an arbitrary file potentially resulting in a reboot to factory default settings.
network
low complexity
sonicwall CWE-22
6.4
6.4

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Sonicwall 128 6 89 44 32 171
SMA 42 0 2 6 8 16