Security Alert (A21-12-03): Multiple Vulnerabilities in SonicWall SMA 100 Series Products


 

Published on: 09 December 2021

  
  

Description:

SonicWall has released a security advisory to address multiple vulnerabilities in SMA 100 series products. A remote unauthenticated attacker could exploit the vulnerabilities by sending specially crafted requests to an affected system.

 

Affected Systems:

  • SonicWall SMA 100 series prior to version 9.0.0.11-31sv
  • SonicWall SMA 100 series prior to version 10.2.0.8-37sv
  • SonicWall SMA 100 series prior to version 10.2.1.0-17sv
  • SonicWall SMA 100 series prior to version 10.2.1.1-19sv
  • SonicWall SMA 100 series prior to version 10.2.1.2-24sv

 

Impact:

Depending on the vulnerabilities being exploited, a successful exploitation of the vulnerabilities could lead to arbitrary command injection, buffer overflow, remote code execution, information disclosure, security restriction bypass or system crash of the affected system.

 

Recommendation:

Software updates or patches for affected systems are now available. Administrators of affected systems should follow the recommendations provided by the product vendor and take immediate actions to mitigate the risk.

 

More Information:

  • https://www.sonicwall.com/support/product-notification/product-security-notice-sma-100-series-vulnerability-patches-q4-2021/211201154715443/
  • https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0026
  • https://www.cisa.gov/uscert/ncas/current-activity/2021/12/08/sonicwall-releases-security-advisory-sma-100-series-appliances
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20038 (to CVE-2021-20045)


Tag: SonicWall , SMA
Tags