Critical SonicWall NAC Vulnerability Stems from Apache Mods

Rapid7 has offered up more details on a SonicWall critical flaw that allows for unauthenticated remote code execution on affected devices, noting that it arises from tweaks that the vendor made to the Apache httpd server.
CVE-2021-20038 is the most critical of the flaws, with a rating of 9.8 on the Common Vulnerability Scoring System.
It's a stack buffer overflow vulnerability that an attacker can exploit to gain complete control of a device or virtual machine that's running SonicWall's NAC solution.
The stack-based buffer overflow flaw discovered by Baines affects SonicWall SMA 100 series version 10.2.1.1-19sv and is by far the most dangerous for affected devices, and thus the most advantageous for attackers, he wrote.
Since edge-based NAC devices "are especially attractive targets for attackers," it's essential that companies with networks that use SonicWall's SMA 100 series devices in whatever form apply SonicWall's update as quickly as possible to fix the issues, Baines said.
The other flaws include an "improper neutralization of special elements used in an OS command," or OS command injection, flaw with a rating of 7.2; a relative path traversal vulnerability with a rating of 6.5; a loop with unreachable exit condition, or infinite loop, flaw with a rating of 7.5; and an unintended proxy or intermediary, also known as a "confused deputy," vulnerability with a rating of 6.5.
News URL
https://threatpost.com/sonicwall-nac-vulnerability-apache-mods/177529/
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2021-12-08 | CVE-2021-20038 | Out-of-bounds Write vulnerability in Sonicwall products A Stack-based buffer overflow vulnerability in SMA100 Apache httpd server's mod_cgi module environment variables allows a remote unauthenticated attacker to potentially execute code as a 'nobody' user in the appliance. | 9.8 |