Privacy Ninja

SonicWall Fixes Critical Bug Allowing SMA 100 Device Takeover


SonicWall has patched a critical security flaw impacting several Secure Mobile Access (SMA) 100 series products that can let unauthenticated attackers remotely gain admin access on targeted devices.

The SMA 100 series appliances vulnerable to attacks targeting the improper access control vulnerability tracked as CVE-2021-20034 include SMA 200, 210, 400, 410, and 500v.

There are no temporary mitigations to remove the attack vector, and SonicWall strongly urges impacted customers to deploy security updates that address the flaw as soon as possible.


No in-the-wild exploitation

Successful exploitation can let attackers delete arbitrary files from unpatched SMA 100 secure access gateways, which can force a reboot to factory default settings and potentially give them administrator access to the device.

“The vulnerability is due to an improper limitation of a file path to a restricted directory potentially leading to arbitrary file deletion as nobody,” the company said.

SonicWall asked organizations using SMA 100 series appliances to immediately log in to MySonicWall.com to upgrade the appliances to the patched firmware versions outlined in the table embedded below.

The company found no evidence that this critical pre-auth vulnerability is currently being exploited in the wild.

| Product | Platform | Impacted Version | Fixed Version |
|---|---|---|---|
| SMA 100 Series | SMA 200, SMA 210, SMA 400, SMA 410, SMA 500v (ESX, KVM, AWS, Azure) | 10.2.1.0-17sv and earlier | 10.2.1.1-19sv and higher |
| | | 10.2.0.7-34sv and earlier | 10.2.0.8-37sv and higher |
| | | 9.0.0.10-28sv and earlier | 9.0.0.11-31sv and higher |
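
A firmware inventory check built from the version table above, as an added example that is not from the article or from SonicWall. It assumes version strings have the form shown in the table, that the first three components identify a release branch, and that components and build numbers order numerically; the hostnames and sample inventory are constructed.

```python
import re

# Rows from the article's table: (last impacted release, first fixed release).
TABLE = [("10.2.1.0-17sv", "10.2.1.1-19sv"), ("10.2.0.7-34sv", "10.2.0.8-37sv"),
         ("9.0.0.10-28sv", "9.0.0.11-31sv")]
_VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)\.(\d+)-(\d+)sv$")

def parse_version(text):
    """Turn '10.2.1.0-17sv' into (10, 2, 1, 0, 17); raise ValueError otherwise."""
    match = _VERSION_RE.match(text.strip())
    if match is None:
        raise ValueError(f"unrecognised firmware version: {text!r}")
    return tuple(int(part) for part in match.groups())

def classify(version_text):
    """Return 'impacted', 'fixed' or 'unlisted' for one firmware version string."""
    version = parse_version(version_text)
    for impacted_text, fixed_text in TABLE:
        impacted, fixed = parse_version(impacted_text), parse_version(fixed_text)
        # Assumption: the first three components identify the release branch.
        if version[:3] != fixed[:3]:
            continue
        if version >= fixed:
            return "fixed"
        if version <= impacted:
            return "impacted"
    return "unlisted"  # branch or build the table does not cover

def audit(inventory):
    """Map each hostname to a status; unparseable versions count as 'unlisted'."""
    results = {}
    for host, version_text in inventory.items():
        try:
            results[host] = classify(version_text)
        except ValueError:
            results[host] = "unlisted"
    return results

# Constructed sample inventory (hostnames and the last two versions are made up).
SAMPLE_INVENTORY = {
    "sma-edge-01": "10.2.1.0-17sv",   # last impacted build on its branch
    "sma-edge-02": "10.2.0.8-37sv",   # first fixed build on its branch
    "sma-lab-03": "10.2.1.1-18sv",    # falls between the two table columns
    "sma-old-04": "8.6.0.3",          # not in the table's version format
}

if __name__ == "__main__":
    print(audit(SAMPLE_INVENTORY))
```

Anything reported as `unlisted` needs a manual check against the vendor advisory, since the table does not say whether it is affected.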

Ransomware targeting

SonicWall SMA 100 series appliances have been targeted by ransomware gangs multiple times since the start of 2021, with the end goal of moving laterally into the target organization’s network.

For instance, a threat group Mandiant tracks as UNC2447 exploited the CVE-2021-20016 zero-day bug in SonicWall SMA 100 appliances to deploy a new ransomware strain known as FiveHands (a DeathRansom variant, just like HelloKitty).


Their attacks targeted multiple North American and European organizations before security updates were released in late February 2021. The same flaw was also exploited in January in attacks targeting SonicWall’s internal systems and later indiscriminately abused in the wild.

Two months ago, in July, SonicWall warned of an increased risk of ransomware attacks targeting unpatched end-of-life (EoL) SMA 100 series and Secure Remote Access (SRA) products.

CrowdStrike and Coveware security researchers added to SonicWall’s warning, saying that the ransomware campaign was ongoing. CISA confirmed the researchers’ findings three days later, warning that threat actors were targeting a previously patched SonicWall vulnerability.

BleepingComputer also reported at the time that HelloKitty ransomware had been exploiting the vulnerability (tracked as CVE-2019-7481) for a few weeks before SonicWall’s ‘urgent security notice’ was issued.

SonicWall recently revealed that its products are used by more than 500,000 business customers in over 215 countries and territories worldwide. Many of them are deployed on the networks of the world’s largest organizations, enterprises, and government agencies.
