Security News > 2022 > January > Make sure you're up-to-date with Sonicwall SMA 100 VPN box patches – security hole exploit info is now out

Make sure you're up-to-date with Sonicwall SMA 100 VPN box patches – security hole exploit info is now out
2022-01-11 22:46

Technical details and exploitation notes have been published for a remote-code-execution vulnerability in Sonicwall SMA 100 series VPN appliances.

This comes about a month after Sonicwall issued a patch for the security hole, which was discovered and privately disclosed by Rapid7's Jake Baines to Sonicwall in October.

This vuln affects Sonicwall SMA 100-series devices; check with Sonicwall on which firmware versions to upgrade to.

In additional, Baines found and privately disclosed four other Sonicwall SMA 100-series bugs, and again described them in detail today.

While Sonicwall insisted there is "No evidence" of exploitation attempts targeting these devices, now that patches and exploit info is out there, it may just be a matter of time before someone starts breaking into these appliances using all of this knowledge.

Last July, Sonicwall issued an emergency alert telling users of the SMA 200 and 400 to update their firmware immediately, following warnings from Mandiant of live exploit attempts.


News URL

https://go.theregister.com/feed/www.theregister.com/2022/01/11/sonicwall_multiple_vulns/

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Sonicwall 113 0 41 74 38 153
SMA 42 0 0 8 8 16