Security News > 2022 > May > SonicWall ‘strongly urges’ admins to patch SSLVPN SMA1000 bugs
SonicWall "Strongly urges" customers to patch several high-risk security flaws impacting its Secure Mobile Access 1000 Series line of products that can let attackers bypass authorization and, potentially, compromise unpatched appliances.
SonicWall SMA 1000 SSLVPN solutions are used by enterprises to simplify end-to-end secure remote access to corporate resources across on-prem, cloud, and hybrid data center environments.
"SonicWall strongly urges that organizations using the SMA 1000 series products upgrade to the latest patch," the company says in a security advisory published this week.
The security bugs impact the following SMA 1000 Series models: 6200, 6210, 7200, 7210, 8000v.
Of the three vulnerabilities, CVE-2022-22282 is the most severe as it allows unauthenticated attackers to bypass access control and gain access to internal resources.
In July 2021, SonicWall also warned of an increased risk of ransomware attacks targeting end-of-life SMA 100 series and Secure Remote Access products.
News URL
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-05-13 | CVE-2022-22282 | Unspecified vulnerability in Sonicwall products SonicWall SMA1000 series firmware 12.4.0, 12.4.1-02965 and earlier versions incorrectly restricts access to a resource using HTTP connections from an unauthorized actor leading to Improper Access Control vulnerability. | 9.8 |