SonicWall ‘Strongly Urges’ Customers to Fix Critical SMA 100 Bugs

SonicWall “strongly urges” organizations using SMA 100 series appliances to immediately patch them against several security vulnerabilities rated with CVSS scores ranging from medium to critical.

The bugs (reported by Rapid7’s Jake baines and NCC Group Richard warren) impact SMA 200, 210, 400, 410, and 500v appliances even when Web Application Firewall (WAF) is enabled.

The highest gravity faults fixed by SonicWall this week are CVE-2021-20038 and CVE-2021-20045, two critical stack-based buffer overflow vulnerabilities that can allow remote unauthenticated attackers to run as a “person” user in compromised appliances.

Other bugs fixed by the company on Tuesday allow authenticated threat actors to obtain remote code execution, inject arbitrary commands, or download web pages and crafted files to any directory in the world. appliance after successful operation.

However, the most dangerous if left unchecked is CVE-2021-20039. This high severity security issue can allow authenticated attackers to inject arbitrary commands as the root user, leading to a remote takeover of unpatched devices.

Fortunately, SonicWall says he has yet to find any evidence of any of these wild-exploited security vulnerabilities.

CVE Summary CVSS score
CVE-2021-20038 Unauthenticated stack-based buffer overflow 9.8 High
CVE-2021-20039 Root authenticated command injection vulnerability 7.2 High
CVE-2021-20040 Unauthenticated file download path traversal vulnerability 6.5 Medium
CVE-2021-20041 Unauthenticated CPU exhaustion vulnerability 7.5 High
CVE-2021-20042 “Confused Assistant” unauthenticated vulnerability 6.3 Medium
CVE-2021-20043 GetBookmarks heap-based buffer overflow 8.8 High
CVE-2021-20044 Post-Authentication Remote Code Execution (RCE) 7.2 High
CVE-2021-20045 Multiple unauthenticated file explorer heap and stack based buffer overflows 9.4 High

“SonicWall urges affected customers to implement applicable fixes as soon as possible,” the company said in a safety notice published Tuesday.

Customers using SMA 100 series appliances are advised to immediately connect to their accounts to upgrade the firmware to the versions described in this SonicWall PSIRT review.

Upgrade assistance on how to upgrade firmware on SMA 100 devices is available in this knowledge base article or by contacting SonicWall support.

To put the importance of fixing these security holes in perspective, SonicWall SMA 100 appliances have been the target of several ransomware gangs since early 2021.

For example, Mandiant said in April that the CVE-2021-20016 The zero-day SMA 100 was exploited to deploy a new strain of ransomware known as FiveHands from January, when it was also used to target internal systems at SonicWall. Prior to the release of the patches in late February 2021, the same bug was indiscriminately abused in nature.

In July, SonicWall also warned of the increased risk of ransomware attacks targeting unpatched end-of-life SMA 100 and Secure Remote Access products. However, CrowdStrike, security researchers at Coveware and CISA have warned that SonicWall appliances are already targeted by the HelloKitty ransomware.

SonicWall products are used by more than 500,000 professional customers from 215 countries and territories around the world, many deployed on the networks of the world’s largest companies and government agencies.

Previous 5 Best Debt Credit Card Consolidation Loans of 2021
Next Hackers infect random WordPress plugins to steal credit cards