Security News > 2022 > January > Make sure you're up-to-date with Sonicwall SMA 100 VPN box patches – security hole exploit info is now out
Technical details and exploitation notes have been published for a remote-code-execution vulnerability in Sonicwall SMA 100 series VPN appliances.
This comes about a month after Sonicwall issued a patch for the security hole, which was discovered and privately disclosed by Rapid7's Jake Baines to Sonicwall in October.
This vuln affects Sonicwall SMA 100-series devices; check with Sonicwall on which firmware versions to upgrade to.
In additional, Baines found and privately disclosed four other Sonicwall SMA 100-series bugs, and again described them in detail today.
While Sonicwall insisted there is "No evidence" of exploitation attempts targeting these devices, now that patches and exploit info is out there, it may just be a matter of time before someone starts breaking into these appliances using all of this knowledge.
Last July, Sonicwall issued an emergency alert telling users of the SMA 200 and 400 to update their firmware immediately, following warnings from Mandiant of live exploit attempts.
News URL
https://go.theregister.com/feed/www.theregister.com/2022/01/11/sonicwall_multiple_vulns/
Related news
- GoFetch security exploit can't be disabled on M1 and M2 Apple chips (source)
- Speedify VPN Review: Features, Security & Performance (source)
- OpenAI's GPT-4 can exploit real vulnerabilities by reading security advisories (source)
- Prompt Hacking, Private GPTs, Zero-Day Exploits and Deepfakes: Report Reveals the Impact of AI on Cyber Security Landscape (source)