Threat Response – SonicWall SMA 100 series vulnerabilities
On Tuesday, December 7th, SonicWall published information about multiple vulnerabilities in their SonicWall Secure Mobile Access (SMA) 100 series appliances. In this message, we want to warn you about the threat and inform you about the possible mitigation steps.
Of the 8 vulnerabilities published in total, 2 vulnerabilities (CVE-2021-20045 and CVE-2021-20038) allow an attacker to execute code on the devices remotely without authentication. SonicWall SMA 100 series appliances, including the SMA 200, 210, 400, 410 and 500v products, running firmware versions 10.2.0.8-37sv, 10.2.1.1-19sv, 10.2.1.2-24sv and earlier are vulnerable to at least one of these vulnerabilities. SonicWall released firmware version 10.2.1.3-27sv with fixes for these vulnerabilities.
Besides the 2 vulnerabilities mentioned in the previous section, SonicWall published information on 6 more vulnerabilities with an impact ranging from medium to high. For a complete list of vulnerabilities and affected firmware versions please refer to . These 6 vulnerabilities can also be fixed by installing the firmware version 10.2.1.3-27sv released by SonicWall.
The affected SonicWall appliances are vulnerable to a complete takeover by an unauthenticated attacker through 1 or a combination of these vulnerabilities. After taking control of the SonicWall appliance the attacker gains access to the internal network. Because of this, we estimate the impact of these vulnerabilities as high.
Because the purpose of the SonicWall SMA appliances is to provide access to the internal network, they are often accessible from the public Internet. Although there are no public exploits or signs of exploitation for these vulnerabilities yet, we do expect to see this in the near future. For the aforementioned reasons, we estimate the risk of these vulnerabilities as high.
The vulnerabilities have been patched in firmware version 10.2.1.3-27sv. We advise upgrading the SonicWall SMA to the latest version as soon as possible.
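As an added example (not part of the original advisory, and not Northwave or SonicWall code), the following script triages an appliance inventory against the fixed release and the affected models named above. The CSV layout and host names are constructed, and it assumes firmware strings can be compared field by field in numeric order.

```python
import csv
import io
import re

# Fixed release and affected models, both taken from the advisory text.
FIXED = "10.2.1.3-27sv"
SMA_100_MODELS = {"200", "210", "400", "410", "500v"}

_FW = re.compile(r"^(\d+)\.(\d+)\.(\d+)\.(\d+)-(\d+)sv$")


def parse_firmware(version):
    """Return the five numeric fields of a '10.2.1.3-27sv' style string, or None."""
    m = _FW.match(version.strip().lower())
    return tuple(int(g) for g in m.groups()) if m else None


def triage(model, firmware):
    """Classify one appliance as 'out-of-scope', 'upgrade', 'patched' or 'review'."""
    short = re.sub(r"^sma\s*", "", model.strip().lower())
    if short not in SMA_100_MODELS:
        return "out-of-scope"  # not a model this advisory covers
    parsed = parse_firmware(firmware)
    if parsed is None:
        return "review"  # unrecognised version string: check the appliance by hand
    return "patched" if parsed >= parse_firmware(FIXED) else "upgrade"


# Constructed inventory export; host names and column names are hypothetical.
SAMPLE_INVENTORY = """host,model,firmware
vpn-ams-01,SMA 410,10.2.1.2-24sv
vpn-rtm-01,SMA 200,10.2.0.8-37sv
vpn-utr-01,SMA 500v,10.2.1.3-27sv
vpn-ein-01,SMA 210,unknown
"""


def triage_inventory(text):
    """Map each host in a CSV inventory to its triage result."""
    rows = csv.DictReader(io.StringIO(text))
    return {r["host"]: triage(r["model"], r["firmware"]) for r in rows}


if __name__ == "__main__":
    for host, status in triage_inventory(SAMPLE_INVENTORY).items():
        print(f"{host}: {status}")
```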
What will Northwave do?
Northwave will monitor any developments regarding this vulnerability. If new critical information about this threat arises, we will reach out to you. If you need additional information, you can call us by phone or send us an email.
E-mail: [email protected]
Do you have an incident right now? Call our CERT number: +31 (0)85 043 7909 or 0800-1744 (only from within the Netherlands)
Disclaimer applies, see below.