Threat Response – SonicWall SMA 100 series vulnerabilities

08-12-2021

On Tuesday December 7th SonicWall published information about multiple vulnerabilities in their SonicWall Secure Mobile Access (SMA) 100 series appliances [1]. In this message, we want to warn you about the threat and inform you about the possible mitigation steps.

Description

Of the 8 vulnerabilities published in total, 2 vulnerabilities (CVE-2021-20045 and CVE-2021-20038) allow an attacker to execute code on the devices remotely without authentication. SonicWall SMA 100 series appliances, including the SMA 200, 210, 400, 410 and 500v products, running firmware versions 10.2.0.8-37sv, 10.2.1.1-19sv, 10.2.1.2-24sv and earlier are vulnerable to at least one of these vulnerabilities. SonicWall released firmware version 10.2.1.3-27sv with fixes for these vulnerabilities.

Besides the 2 vulnerabilities mentioned in the previous section, SonicWall published information on 6 more vulnerabilities with an impact ranging from medium to high. For a complete list of vulnerabilities and affected firmware versions please refer to [1]. These 6 vulnerabilities can also be fixed by installing the firmware version 10.2.1.3-27sv released by SonicWall.

Impact

The affected SonicWall appliances are vulnerable to a complete takeover by an unauthenticated attacker through 1 or a combination of these vulnerabilities. After taking control of the SonicWall appliance the attacker gains access to the internal network. Because of this, we estimate the impact of these vulnerabilities as high.

Risk

Because the purpose of the SonicWall SMA appliances is to provide access to the internal network, they are often accessible from the public Internet. Although there are no public exploits or signs of exploitation for these vulnerabilities yet, we do expect to see this in the near future. For the aforementioned reasons, we estimate the risk of these vulnerabilities as high.

Mitigation

The vulnerabilities have been patched in firmware version 10.2.1.3-27sv. We advise upgrading the SonicWall SMA to the latest version as soon as possible.
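To find which appliances still need the upgrade, the following Python script triages an inventory against the fixed release named above. It is an added example, not code from SonicWall or Northwave. It assumes firmware strings follow the a.b.c.d-NNsv pattern seen in this advisory and that releases order numerically field by field; the hostnames and the inventory layout are constructed placeholders.

```python
import re

FIXED = "10.2.1.3-27sv"  # fixed release named in the advisory
SMA_100_MODELS = {"SMA 200", "SMA 210", "SMA 400", "SMA 410", "SMA 500v"}
# Assumed format: four dotted numeric fields, a dash, a build number, "sv".
_VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)\.(\d+)-(\d+)sv$")


def parse_firmware(version):
    """Return a comparable tuple of ints, or None if the format is not recognised."""
    m = _VERSION_RE.match(version.strip())
    return tuple(int(g) for g in m.groups()) if m else None


def needs_upgrade(version, fixed=FIXED):
    """True if below the fixed release, False if at or above it, None if unparseable."""
    parsed = parse_firmware(version)
    if parsed is None:
        return None
    return parsed < parse_firmware(fixed)


def triage(inventory):
    """Sort (host, model, firmware) rows into upgrade / ok / review / out_of_scope."""
    result = {"upgrade": [], "ok": [], "review": [], "out_of_scope": []}
    for host, model, firmware in inventory:
        if model not in SMA_100_MODELS:
            result["out_of_scope"].append(host)
            continue
        verdict = needs_upgrade(firmware)
        key = "review" if verdict is None else "upgrade" if verdict else "ok"
        result[key].append(host)
    return result


# Constructed sample inventory; hostnames are placeholders, not real systems.
SAMPLE_INVENTORY = [
    ("sma-ams-01.example", "SMA 410", "10.2.1.2-24sv"),
    ("sma-ams-02.example", "SMA 210", "10.2.0.8-37sv"),
    ("sma-rtm-01.example", "SMA 500v", "10.2.1.3-27sv"),
    ("sma-rtm-02.example", "SMA 200", "10.2.1.1-19sv"),
    ("sma-lab-01.example", "SMA 400", "unknown"),
    ("fw-lab-02.example", "other-appliance", "1.0.0.0-1sv"),
]

if __name__ == "__main__":
    for bucket, hosts in triage(SAMPLE_INVENTORY).items():
        print(f"{bucket}: {', '.join(hosts) or '-'}")
```

Hosts in the "review" bucket reported a firmware string the script could not parse and need to be checked by hand.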

What will Northwave do?

Northwave will monitor any developments regarding this vulnerability. If new critical information about this threat arises we will reach out to you. If you need additional information you can call us by phone or send us an email.

E-mail: [email protected]

Do you have an incident right now? Call our CERT number: +31 (0)85 043 7909 or 0800-1744 (only from within the Netherlands)

Disclaimer
Northwave has made every effort to make this information accurate and reliable. However, the information provided is without warranty of any kind and its use is at the sole risk of the user. Northwave does not accept any responsibility or liability for the accuracy, content, completeness, legality or reliability of the information provided. We shall not be liable for any loss or damage of whatever nature, direct or indirect, consequential or other, whether arising in contract, tort or otherwise, which may arise as a result of your use of, or inability to use, this information or any additional information provided by us in direct or indirect relation to the information provided here.