Recently, the well-known firewall brand SonicWALL expressed its strong urgency to securely install security patches in time using the SMA 100 series equipment. These patches can solve the plurality of security vulnerabilities facing their products, some of which are rated as a serious vulnerability.
Currently, SonicWall has verified and repaired a drain in the SMA 100 series devices (including SMA 200, 210, 400, 410, and 500V products). There is no doubt that these vulnerabilities have seriously affected the function of the SMA 100 series equipment and WAF, so SonicWALL strongly urges companies to fix the SMA 100 series products, including SMA 200, 210, 400, 410 and 500V equipment.
In these vulnerabilities that have been fixed, the most serious is two key stack-based buffer overflow vulnerabilities, and the vulnerability numbers are CVE-2021-20038 and CVE-2021-20045, respectively. An attacker can remotely trigger the two vulnerabilities as “Nobody” users execute code in an infected device. This vulnerability affects the SMA200, 210, 400, 410 and 500V equipment firmware 10.2.0.8-37SV, 10.2.1.1-19SV, 10.2.1.24SV and earlier.
As of now, SonicWALL is unclear whether these vulnerabilities have been used in the wild.
The following is a full vulnerability list of Rapid7’s Jake Baines and NCC Group’s Richard Warren:
It is worth noting that SonicWALL said that the above security vulnerabilities have no relief measures, and customers need to update the security patches as soon as possible. In addition, security experts pointed out that there is also a highly serious authenticated command to inject vulnerability, and the vulnerability number is CVE-2021-20039, which has not yet been resolved.