Security News > 2021 > December > SonicWall ‘strongly urges’ customers to patch critical SMA 100 bugs
SonicWall 'strongly urges' organizations using SMA 100 series appliances to immediately patch them against multiple security flaws rated with CVSS scores ranging from medium to critical.
"SonicWall urges impacted customers to implement applicable patches as soon as possible," the company says in a security advisory published Tuesday.
Customers using SMA 100 series appliances are advised to immediately log in to their MySonicWall.com accounts to upgrade the firmware to versions outlined in this SonicWall PSIRT Advisory.
To put the importance of patching these security flaws into perspective, SonicWall SMA 100 appliances have been targeted by ransomware gangs multiple times since the start of 2021.
Mandiant said in April that the CVE-2021-20016 SMA 100 zero-day was exploited to deploy a new ransomware strain known as FiveHands starting with January when it was also used to target SonicWall's internal systems.
In July, SonicWall also warned of the increased risk of ransomware attacks targeting unpatched end-of-life SMA 100 series and Secure Remote Access products.
News URL
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-02-04 | CVE-2021-20016 | SQL Injection vulnerability in Sonicwall products A SQL-Injection vulnerability in the SonicWall SSLVPN SMA100 product allows a remote unauthenticated attacker to perform SQL query to access username password and other session related information. | 7.5 |