Security News > 2022 > January > Make sure you're up-to-date with Sonicwall SMA 100 VPN box patches – security hole exploit info is now out
Technical details and exploitation notes have been published for a remote-code-execution vulnerability in Sonicwall SMA 100 series VPN appliances.
This comes about a month after Sonicwall issued a patch for the security hole, which was discovered and privately disclosed by Rapid7's Jake Baines to Sonicwall in October.
This vuln affects Sonicwall SMA 100-series devices; check with Sonicwall on which firmware versions to upgrade to.
In additional, Baines found and privately disclosed four other Sonicwall SMA 100-series bugs, and again described them in detail today.
While Sonicwall insisted there is "No evidence" of exploitation attempts targeting these devices, now that patches and exploit info is out there, it may just be a matter of time before someone starts breaking into these appliances using all of this knowledge.
Last July, Sonicwall issued an emergency alert telling users of the SMA 200 and 400 to update their firmware immediately, following warnings from Mandiant of live exploit attempts.
News URL
https://go.theregister.com/feed/www.theregister.com/2022/01/11/sonicwall_multiple_vulns/
Related news
- SonicWall firewall exploit lets hackers hijack VPN sessions, patch now (source)
- Beyond VPN: How TruGrid Simplifies RDP Deployment, Security, and Compliance (source)
- SonicWall firewall bug leveraged in attacks after PoC exploit release (source)
- SonicWall firewalls now under attack: Patch ASAP or risk intrusion via your SSL VPN (source)
- Speedify VPN Review 2025: Features, Security, and Performance (source)
- Stealthy Apache Tomcat Critical Exploit Bypasses Security Filters: Are You at Risk? (source)
- Android Malware Exploits a Microsoft-Related Security Blind Spot to Avoid Detection (source)