Security News > 2021 > December > Critical SonicWall VPN Bugs Allow Complete Appliance Takeover

Critical SonicWall VPN Bugs Allow Complete Appliance Takeover
2021-12-08 19:16

Critical security vulnerabilities in SonicWall's Secure Mobile Access 100-series VPN appliances could allow an unauthenticated, remote user to execute code as root.

"The vulnerability is due to the SonicWall SMA SSLVPN Apache httpd server GET method of mod cgi module environment variables use a single stack-based buffer using `strcat,'" according to SonicWall's security advisory, issued Tuesday.

SonicWall has issued patches for the bugs, which affect versions of its SMA 200, 210, 400, 410 and 500v products.

The vendor said that so far, there's no evidence that these vulnerabilities are being exploited in the wild, but patching should be on the agenda given that SonicWall devices are a hot target for cyberattackers.

In July, SonicWall issued an urgent security alert warning customers that an "Imminent ransomware campaign using stolen credentials" was actively targeting known vulnerabilities in the SMA 100 series and its Secure Remote Access VPN appliances.

In January, security firm Tenable warned that "Highly sophisticated threat actors" were exploiting CVE-2021-20016, a critical SQL injection vulnerability in SMA 100 devices.


News URL

https://threatpost.com/critical-sonicwall-vpn-bugs-appliance-takeover/176869/

Related Vulnerability

DATE CVE VULNERABILITY TITLE RISK
2021-02-04 CVE-2021-20016 SQL Injection vulnerability in Sonicwall products
A SQL-Injection vulnerability in the SonicWall SSLVPN SMA100 product allows a remote unauthenticated attacker to perform SQL query to access username password and other session related information.
network
low complexity
sonicwall CWE-89
7.5
7.5

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Sonicwall 127 6 88 44 32 170