SonicWall ‘strongly urges’ customers to patch critical SMA 100 bugs

SonicWall ‘strongly urges’ organizations using SMA 100 series appliances to immediately patch them against multiple security flaws rated with CVSS scores ranging from medium to critical.

The bugs (reported by Rapid7’s Jake Baines and NCC Group’s Richard Warren) impact SMA 200, 210, 400, 410, and 500v appliances even when the web application firewall (WAF) is enabled.

The highest severity flaws patched by SonicWall this week are CVE-2021-20038 and CVE-2021-20045, two critical stack-based buffer overflow vulnerabilities that can let remote unauthenticated attackers execute code as the ‘nobody’ user in compromised appliances.

Other bugs patched by the company on Tuesday enable authenticated threat actors to gain remote code execution, inject arbitrary commands, or upload crafted web pages and files to any directory in the appliance following successful exploitation.

However, the most dangerous one if left unpatched is CVE-2021-20039. This high severity security issue can let authenticated attackers inject arbitrary commands as the root user leading to a remote takeover of unpatched devices.

Luckily, SonicWall says that it hasn’t yet found any evidence of any of these security vulnerabilities being exploited in the wild.

| CVE | Summary | CVSS Score |
| --- | --- | --- |
| CVE-2021-20038 | Unauthenticated Stack-based Buffer Overflow | 9.8 High |
| CVE-2021-20039 | Authenticated Command Injection Vulnerability as Root | 7.2 High |
| CVE-2021-20040 | Unauthenticated File Upload Path Traversal Vulnerability | 6.5 Medium |
| CVE-2021-20041 | Unauthenticated CPU Exhaustion Vulnerability | 7.5 High |
| CVE-2021-20042 | Unauthenticated “Confused Deputy” Vulnerability | 6.3 Medium |
| CVE-2021-20043 | getBookmarks Heap-based Buffer Overflow | 8.8 High |
| CVE-2021-20044 | Post-Authentication Remote Code Execution (RCE) | 7.2 High |
| CVE-2021-20045 | Multiple Unauthenticated File Explorer Heap-based and Stack-based Buffer Overflows | 9.4 High |

“SonicWall urges impacted customers to implement applicable patches as soon as possible,” the company says in a security advisory published Tuesday.

Customers using SMA 100 series appliances are advised to immediately log in to their MySonicWall.com accounts to upgrade the firmware to versions outlined in this SonicWall PSIRT Advisory.

Guidance on how to upgrade the firmware on SMA 100 appliances is available in this knowledgebase article or by contacting SonicWall’s support.

To put the importance of patching these security flaws into perspective, SonicWall SMA 100 appliances have been targeted by ransomware gangs multiple times since the start of 2021.

For instance, Mandiant said in April that the CVE-2021-20016 SMA 100 zero-day was exploited to deploy a new ransomware strain known as FiveHands starting in January, when it was also used to target SonicWall’s internal systems. Before patches were released in late February 2021, the same bug was abused indiscriminately in the wild.

In July, SonicWall also warned of the increased risk of ransomware attacks targeting unpatched end-of-life SMA 100 series and Secure Remote Access products. However, CrowdStrike, Coveware security researchers, and CISA warned that SonicWall appliances were already targeted by HelloKitty ransomware.

SonicWall’s products are used by over 500,000 business customers from 215 countries and territories worldwide, many deployed on the networks of the world’s largest companies and government agencies.

NOTE: This article is copyright bleepingcomputer.com, and we are using it for educational or informational purposes only.
