SonicWall ‘strongly urges’ Admins to Patch SSLVPN SMA1000 Bugs
SonicWall “strongly urges” customers to patch several high-risk security flaws impacting its Secure Mobile Access (SMA) 1000 Series line of products that can let attackers bypass authorization and, potentially, compromise unpatched appliances.
SonicWall SMA 1000 SSLVPN solutions are used by enterprises to simplify end-to-end secure remote access to corporate resources across on-prem, cloud, and hybrid data center environments.
While the first flaw (an unauthenticated access control bypass rated as high severity) is now tracked as CVE-2022-22282, the other two (a hard-coded cryptographic key and an open redirect, both rated as medium severity) are still waiting for a CVE ID to be issued.
“SonicWall strongly urges that organizations using the SMA 1000 series products upgrade to the latest patch,” the company says in a security advisory published this week.
However, SonicWall also pointed out that it found “no evidence that these vulnerabilities are being exploited in the wild.”
It also added that the vulnerabilities do not affect SMA 1000 series running versions earlier than 12.4.0, SMA 100 series products, CMS, and remote access clients.
The security bugs impact the following SMA 1000 Series models: 6200, 6210, 7200, 7210, 8000v (ESX, KVM, Hyper-V, AWS, Azure).
| Summary | CVSS Score | Impacted Firmware | Fixed Firmware |
|---|---|---|---|
| Unauthenticated access control bypass | 8.2 (High) | 12.4.0 | |
| Use of hard-coded cryptographic key | 5.7 (Medium) | 12.4.0 | |
| URL redirection to an untrusted site (open redirection) | 6.1 (Medium) | 12.4.0 | |
Of the three vulnerabilities, CVE-2022-22282 is the most severe as it allows unauthenticated attackers to bypass access control and gain access to internal resources.
This bug can be exploited remotely in low-complexity attacks that do not require any user interaction.
The hard-coded cryptographic key weakness can also have serious consequences if left unpatched and exploited by attackers, as it will enable them to get access to encrypted credentials.
“The use of a hard-coded cryptographic key significantly increases the possibility that encrypted data may be recovered,” according to MITRE’s CWE database.
“If hard-coded cryptographic keys are used, it is almost certain that malicious users will gain access through the account in question.”
SonicWall devices targeted by ransomware
Since SMA 1000 series VPN appliances are used to secure remote connections into corporate networks, threat actors will most likely look into ways to exploit them.
In July 2021, SonicWall also warned of an increased risk of ransomware attacks targeting end-of-life SMA 100 series and Secure Remote Access products.
Over 500,000 business customers from 215 countries and territories worldwide are using SonicWall’s products, many of them deployed on the networks of government agencies and the world’s largest companies.