Security News > 2021 > December > SonicWall ‘strongly urges’ customers to patch critical SMA 100 bugs

SonicWall ‘strongly urges’ customers to patch critical SMA 100 bugs
2021-12-08 13:11

SonicWall 'strongly urges' organizations using SMA 100 series appliances to immediately patch them against multiple security flaws rated with CVSS scores ranging from medium to critical.

"SonicWall urges impacted customers to implement applicable patches as soon as possible," the company says in a security advisory published Tuesday.

Customers using SMA 100 series appliances are advised to immediately log in to their MySonicWall.com accounts to upgrade the firmware to versions outlined in this SonicWall PSIRT Advisory.

To put the importance of patching these security flaws into perspective, SonicWall SMA 100 appliances have been targeted by ransomware gangs multiple times since the start of 2021.

Mandiant said in April that the CVE-2021-20016 SMA 100 zero-day was exploited to deploy a new ransomware strain known as FiveHands starting with January when it was also used to target SonicWall's internal systems.

In July, SonicWall also warned of the increased risk of ransomware attacks targeting unpatched end-of-life SMA 100 series and Secure Remote Access products.


News URL

https://www.bleepingcomputer.com/news/security/sonicwall-strongly-urges-customers-to-patch-critical-sma-100-bugs/

Related Vulnerability

DATE CVE VULNERABILITY TITLE RISK
2021-02-04 CVE-2021-20016 SQL Injection vulnerability in Sonicwall products
A SQL-Injection vulnerability in the SonicWall SSLVPN SMA100 product allows a remote unauthenticated attacker to perform SQL query to access username password and other session related information.
network
low complexity
sonicwall CWE-89
critical
9.8

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Sonicwall 113 0 41 74 38 153
SMA 42 0 0 8 8 16