Security News
Successful exploitation can let remote unauthenticated attackers execute code as the 'nobody' user in compromised SonicWall appliances. "There are no temporary mitigations. SonicWall urges impacted customers to implement applicable patches as soon as possible," the company said in December after releasing CVE-2021-20038 security updates, adding that it found no evidence the bug was exploited in the wild at the time.
In a weekend update, SonicWall said the widespread reboot loops that impacted next-gen firewalls worldwide were caused by signature updates published on Thursday evening not being correctly processed. While SonicWall provided a workaround to revive the impacted firewalls by disabling incremental updates to IDP, GAV, and SPY signature databases, the company didn't explain what was causing the issues.
Following a stream of customer reports that started yesterday evening, security hardware manufacturer SonicWall has provided a temporary workaround for reviving next-gen firewalls running SonicOS 7.0 stuck in a reboot loop. SonicWall's Gen7 firewalls are the company's newest firewall devices providing users with encrypted traffic inspection, malware analysis, and cloud app security capabilities.
Technical details and exploitation notes have been published for a remote-code-execution vulnerability in SonicWall SMA 100 series VPN appliances. This comes about a month after SonicWall issued a patch for the security hole, which was discovered and privately disclosed by Rapid7's Jake Baines to SonicWall in October.
Rapid7 has offered up more details on a SonicWall critical flaw that allows for unauthenticated remote code execution on affected devices, noting that it arises from tweaks that the vendor made to the Apache httpd server. CVE-2021-20038 is the most critical of the flaws, with a rating of 9.8 on the Common Vulnerability Scoring System.
SonicWall has confirmed today that some of its Email Security and firewall products have been hit by the Y2K22 bug, causing message log updates and junk box failures starting with January 1st, 2022. The company says that email users and administrators will no longer be able to access the junk box or un-junk newly received emails on affected systems.
SonicWall has fixed a handful of vulnerabilities affecting its SMA 100 series appliances and is urging organizations to implement the patches as soon as possible. Although there's currently no evidence of these bugs being exploited in active attacks, threat actors have been known to target these appliances in the past by leveraging known and zero-day vulnerabilities.
Network security vendor SonicWall is urging customers to update their SMA 100 series appliances to the latest version following the discovery of multiple security vulnerabilities that could be abused by a remote attacker to take complete control of an affected system. CVE-2021-20039 - SMA 100 Series authenticated command injection vulnerability as root.
Critical security vulnerabilities in SonicWall's Secure Mobile Access 100-series VPN appliances could allow an unauthenticated, remote user to execute code as root. "The vulnerability is due to the SonicWall SMA SSLVPN Apache httpd server GET method of mod_cgi module environment variables use a single stack-based buffer using 'strcat,'" according to SonicWall's security advisory, issued Tuesday.
SonicWall 'strongly urges' organizations using SMA 100 series appliances to immediately patch them against multiple security flaws rated with CVSS scores ranging from medium to critical. "SonicWall urges impacted customers to implement applicable patches as soon as possible," the company says in a security advisory published Tuesday.