Security News > 2022 > May > SonicWall ‘strongly urges’ admins to patch SSLVPN SMA1000 bugs

SonicWall ‘strongly urges’ admins to patch SSLVPN SMA1000 bugs
2022-05-13 15:38

SonicWall "Strongly urges" customers to patch several high-risk security flaws impacting its Secure Mobile Access 1000 Series line of products that can let attackers bypass authorization and, potentially, compromise unpatched appliances.

SonicWall SMA 1000 SSLVPN solutions are used by enterprises to simplify end-to-end secure remote access to corporate resources across on-prem, cloud, and hybrid data center environments.

"SonicWall strongly urges that organizations using the SMA 1000 series products upgrade to the latest patch," the company says in a security advisory published this week.

The security bugs impact the following SMA 1000 Series models: 6200, 6210, 7200, 7210, 8000v.

Of the three vulnerabilities, CVE-2022-22282 is the most severe as it allows unauthenticated attackers to bypass access control and gain access to internal resources.

In July 2021, SonicWall also warned of an increased risk of ransomware attacks targeting end-of-life SMA 100 series and Secure Remote Access products.


News URL

https://www.bleepingcomputer.com/news/security/sonicwall-strongly-urges-admins-to-patch-sslvpn-sma1000-bugs/

Related Vulnerability

DATE CVE VULNERABILITY TITLE RISK
2022-05-13 CVE-2022-22282 Unspecified vulnerability in Sonicwall products
SonicWall SMA1000 series firmware 12.4.0, 12.4.1-02965 and earlier versions incorrectly restricts access to a resource using HTTP connections from an unauthorized actor leading to Improper Access Control vulnerability.
network
low complexity
sonicwall
critical
9.8

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Sonicwall 113 0 41 74 38 153