Security News
Technical details and exploitation notes have been published for a remote-code-execution vulnerability in Sonicwall SMA 100 series VPN appliances. This comes about a month after Sonicwall issued a patch for the security hole, which was discovered and privately disclosed by Rapid7's Jake Baines to Sonicwall in October.
Rapid7 has offered up more details on a SonicWall critical flaw that allows for unauthenticated remote code execution on affected devices, noting that it arises from tweaks that the vendor made to the Apache httpd server. CVE-2021-20038 is the most critical of the flaws, with a rating of 9.8 on the Common Vulnerability Scoring System.
SonicWall has confirmed today that some of its Email Security and firewall products have been hit by the Y2K22 bug, causing message log updates and junk box failures starting with January 1st, 2022. The company says that email users and administrators will no longer be able to access the junk box or un-junk newly received emails on affected systems.
SonicWall has fixed a handful of vulnerabilities affecting its SMA 100 series appliances and is urging organizations to implement the patches as soon as possible. Although there's currently no evidence of these bugs being exploited in active attacks, threat actors have been known to target these appliances in the past by leveraging known and zero-day vulnerabilities.
Network security vendor SonicWall is urging customers to update their SMA 100 series appliances to the latest version following the discovery of multiple security vulnerabilities that could be abused by a remote attacker to take complete control of an affected system. CVE-2021-20039 - SMA 100 Series authenticated command injection vulnerability as root.
Critical security vulnerabilities in SonicWall's Secure Mobile Access 100-series VPN appliances could allow an unauthenticated, remote user to execute code as root. "The vulnerability is due to the SonicWall SMA SSLVPN Apache httpd server GET method of mod cgi module environment variables use a single stack-based buffer using `strcat,'" according to SonicWall's security advisory, issued Tuesday.
SonicWall 'strongly urges' organizations using SMA 100 series appliances to immediately patch them against multiple security flaws rated with CVSS scores ranging from medium to critical."SonicWall urges impacted customers to implement applicable patches as soon as possible," the company says in a security advisory published Tuesday.
Network security company SonicWall has addressed a critical security vulnerability affecting its Secure Mobile Access 100 series appliances that can permit remote, unauthenticated attackers to gain administrator access on targeted devices remotely. Tracked as CVE-2021-20034, the arbitrary file deletion flaw is rated 9.1 out of a maximum of 10 on the CVSS scoring system, and could allow an adversary to bypass path traversal checks and delete any file, causing the devices to reboot to factory default settings.
SonicWall has patched a critical security flaw impacting several Secure Mobile Access 100 series products that can let unauthenticated attackers remotely gain admin access on targeted devices. The SMA 100 series appliances vulnerable to attacks targeting the improper access control vulnerability tracked as CVE-2021-20034 includes SMA 200, 210, 400, 410, and 500v. There are no temporary mitigations to remove the attack vector, and SonicWall strongly urges impacted customers to deploy security updates that address the flaw as soon as possible.
CISA warns of threat actors targeting "a known, previously patched, vulnerability" found in SonicWall Secure Mobile Access 100 series and Secure Remote Access products with end-of-life firmware. CISA urges users and administrators to review the SonicWall security notice and upgrade their devices to the latest firmware or immediately disconnect all end-of-life appliances.