High Threat Security Alert (A21-09-24): Multiple Vulnerabilities in SonicWall SMA 100 Series Products


 

Published on: 27 September 2021

  
  

Description:

SonicWall has released a security advisory to address multiple vulnerabilities in SMA 100 series products.  A remote unauthenticated attacker could exploit the vulnerabilities by sending specially crafted requests to an affected system.

Reports indicate that the vulnerability (CVE-2021-20034) in SonicWall SMA 100 series products is at high risk of exploitation. You are advised to take immediate action to patch your affected systems to mitigate the elevated risk of cyber attacks.

 

Affected Systems:

  • SonicWall SMA 100 series prior to version 9.0.0.11-31sv
  • SonicWall SMA 100 series prior to version 10.2.0.8-37sv
  • SonicWall SMA 100 series prior to version 10.2.1.1-19sv

 

Impact:

Depending on the vulnerabilities being exploited, a successful exploitation of the vulnerabilities could lead to arbitrary command injection, privilege escalation, or security restriction bypass on the affected system.

 

Recommendation:

Software updates or patches for affected systems are now available. Administrators of affected systems should follow the recommendations provided by the product vendor and take immediate actions to mitigate the risk.

 

More Information:

  • https://www.sonicwall.com/support/product-notification/security-notice-critical-arbitrary-file-delete-vulnerability-in-sonicwall-sma-100-series-appliances/210819124854603/
  • https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0020
  • https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0021
  • https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0022
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20034 (to CVE-2021-20035)


Tag: SonicWall , SMA
Tags