SonicWall Issues Patches for a New Critical Flaw in SMA 100 Series Devices

Cyber Security

Network security company SonicWall has addressed a critical security vulnerability affecting its Secure Mobile Access (SMA) 100 series appliances that can permit remote, unauthenticated attackers to gain administrator access on targeted devices remotely.

Tracked as CVE-2021-20034, the arbitrary file deletion flaw is rated 9.1 out of a maximum of 10 on the CVSS scoring system, and could allow an adversary to bypass path traversal checks and delete any file, causing the devices to reboot to factory default settings.

“The vulnerability is due to an improper limitation of a file path to a restricted directory potentially leading to arbitrary file deletion as ‘nobody,'” the San Jose-based firm noted in an advisory published Thursday. “There is no evidence that this vulnerability is being exploited in the wild.”

SonicWall credited Wenxu Yin of Alpha Lab, Qihoo 360, with reporting the security shortcoming, which impacts SMA 100 Series — SMA 200, SMA 210, SMA 400, SMA 410, and SMA 500v — running the following versions:

  • 9.0.0.10-28sv and earlier
  • 10.2.0.7-34sv and earlier
  • 10.2.1.0-17sv and earlier
Prevent Data Breaches

Given that there are no workarounds to remediate the attack vector and SonicWall devices have become a lucrative target for threat actors to deploy ransomware in recent months, customers are advised to implement applicable patches as soon as possible to mitigate any potential exploitation risk.

Products You May Like

Articles You May Like

Realme GT Neo 2T, Realme Q3s, Realme Watch T1 to Launch Today: Expected Price, Specifications
‘Squid Game’ has been watched by two-thirds of all Netflix users but didn’t move the needle on U.S. subscribers
YouTube is about to pull its apps from Roku, and the fight is going all the way to Congress
NASA Artemis Moon Mission Launch Planned for February 2022
Android 12 Causing Touch Response, App Crashing Issues for Some Google Pixel Phone Users

Leave a Reply

Your email address will not be published. Required fields are marked *