Security Architecture, Endpoint/Device Security, Endpoint/Device Security, Security Strategy, Plan, Budget, Vulnerability Management, Endpoint/Device Security, Endpoint/Device Security, Endpoint/Device Security

SonicWall issues firmware patch after attackers exploited critical bugs

SonicWall noted that the exploitation targets a known vulnerability that has been patched in newer versions of firmware.  (SonicWall)

SonicWall today made available a critical patch for two vulnerabilities in its Secure Mobile Access 100 series products featuring 10.x firmware, which malicious actors exploited in a cyberattack against the infosec firm last month. 

Days after SonicWall disclosed the incident on Jan. 22, researchers with the NCC Group on Jan. 31 and Feb. 2 confirmed the presence of the two bugs, enabling the development of a fix. One flaw consists of an exploit that enables admin credential access, and the other is a remote code execution attack.

A SonicWall security advisory describes one vulnerability – designated CVE-2021-20016 and granted a CVSS score of 9.8 – as a SQL injection bug “in the SonicWall SSLVPN SMA100 product that allows a remote unauthenticated attacker to perform SQL query to access username password and other session-related information.”

SonicWall’s firmware update to version repairs the affected products, which are listed as the SMA 200, SMA 210, SMA 400 and SMA 410 appliances and the SMA 500v virtual appliance (for Azure, AWS, ESXi, and HyperV). SonicWall said that at this time it is “not aware of any forensic data that can be viewed by the user to determine whether a device has been attacked.”

Those who do upgrade the firmware are advised to “reset the passwords for any users who may have logged in to the device via the web interface” as well as enable multi-factor authentication. Those unable to install the patch at this time can apply a temporary mitigation technique by enabling their devices’ built-in web application firewall (WAF) feature.

SonicWall also noted that it pulled vulnerable virtual SMA 100 series 10.x images from AWS and Azure marketplaces. Updated images will be re-submitted as soon as possible, the company stated.

Bradley Barth

As director of multimedia content strategy at CyberRisk Alliance, Bradley Barth develops content for online conferences, webcasts, podcasts video/multimedia projects — often serving as moderator or host. For nearly six years, he wrote and reported for SC Media as deputy editor and, before that, senior reporter. He was previously a program executive with the tech-focused PR firm Voxus. Past journalistic experience includes stints as business editor at Executive Technology, a staff writer at New York Sportscene and a freelance journalist covering travel and entertainment. In his spare time, Bradley also writes screenplays.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.