Zero-Day Vulnerability in SonicWall SMA 100 Series Version 10.x Products

ronjor · Feb 2, 2021

Original release date: February 02, 2021

CISA is aware of a vulnerability in SonicWall Secure Mobile Access (SMA) 100 series products. SMA 100 series products provide an organization’s employees with remote access to internal resources. SonicWall security and engineering teams have confirmed a zero-day vulnerability that was reported by a third-party threat research team on Sunday, January 31, 2021. This vulnerability impacts only SMA 100 series devices with firmware version 10.x, and SonicWall is working on a patch that is expected to be released by end of day Tuesday, February 2, 2021.
Click to expand...

ronjor · Feb 23, 2021

SonicWall Releases Additional Patches

Original release date: February 23, 2021
SonicWall has released firmware patches for SMA 100 series products in an update to its previous alert from February 3, 2021. A remote attacker could exploit a vulnerability in versions of SMA 10 prior to 10.2.0.5-29sv to take control of an affected system.
CISA encourages users and administrators to review the updated SonicWall alert and apply the necessary patches as soon as possible.
Click to expand...

Minimalist · Apr 29, 2021

New ransomware group uses SonicWall zero-day to breach networks

A financially motivated threat actor exploited a zero-day bug in Sonicwall SMA 100 Series VPN appliances to deploy new ransomware known as FiveHands on the networks of North American and European targets.
Click to expand...

https://www.bleepingcomputer.com/ne...p-uses-sonicwall-zero-day-to-breach-networks/

hawki · Jul 14, 2021

"SonicWall: ‘Imminent Risk’ Of Ransomware Attack...

SonicWall is warning of an imminent risk of a ransomware attack targeting Secure Mobile Access (SMA) 100 series and Secure Remote Access (SRA) products in a security notice today.

'Organizations that fail to take appropriate actions to mitigate these vulnerabilities on their SRA and SMA 100 series products are at imminent risk of a targeted ransomware attack,' said San Jose, Calif.-based the platform security vendor in an urgent security notice today.

'SonicWall has been made aware of threat actors actively targeting Secure Mobile Access (SMA) 100 series and Secure Remote Access (SRA) products running unpatched and end-of-life 8.x firmware in an imminent ransomware campaign using stolen credentials,' said SonicWall. 'The exploitation targets a known vulnerability that has been patched in newer versions of firmware.'..."

https://www.crn.com/news/security/sonicwall-imminent-risk-of-ransomware-attack

"SonicWall warns of 'critical' ransomware risk to SMA 100 VPN appliances..."

https://www.bleepingcomputer.com/ne...al-ransomware-risk-to-sma-100-vpn-appliances/

ronjor · Jul 15, 2021

Ransomware Risk in Unpatched, EOL SonicWall SRA and SMA 8.x Products

Original release date: July 15, 2021
CISA is aware of threat actors actively targeting a known, previously patched, vulnerability in SonicWall Secure Mobile Access (SMA) 100 series and Secure Remote Access (SRA) products running unpatched and end-of-life (EOL) 8.x firmware. Threat actors can exploit this vulnerability to initiate a targeted ransomware attack.
Click to expand...

CISA encourages users and administrators to review the SonicWall security advisory
and upgrade to the newest firmware or disconnect EOL appliances as soon as possible. Review the CISA Bad Practices webpage to learn more about bad cybersecurity practices, such as using EOL software, that are especially dangerous for organizations supporting designated Critical Infrastructure or National Critical Functions.
Click to expand...

guest · Sep 24, 2021

SonicWall fixes critical bug allowing SMA 100 device takeover
September 24, 2021
https://www.bleepingcomputer.com/ne...ritical-bug-allowing-sma-100-device-takeover/

SonicWall has patched a critical security flaw impacting several Secure Mobile Access (SMA) 100 series products that can let unauthenticated attackers remotely gain admin access on targeted devices.

The SMA 100 series appliances vulnerable to attacks targeting the improper access control vulnerability tracked as CVE-2021-20034 includes SMA 200, 210, 400, 410, and 500v.
There are no temporary mitigations to remove the attack vector, and SonicWall strongly urges impacted customers to deploy security updates that address the flaw as soon as possible.

"The vulnerability is due to an improper limitation of a file path to a restricted directory potentially leading to arbitrary file deletion as nobody," the company said.
Click to expand...

ronjor · Dec 8, 2021

SonicWall Releases Security Advisory for SMA 100 Series Appliances

Original release date: December 08, 2021
SonicWall has released a security advisory to address vulnerabilities affecting SonicWall Secure Mobile Access (SMA) 100 series appliances. A remote attacker could exploit these vulnerabilities to take control of an affected system. SMA 100 series appliances provide an organization’s employees with remote access to internal resources.
Click to expand...

Note: although there are currently no reports of these vulnerabilities being exploited in the wild, in July 2021, CISA warned of threat actors actively targeting a known, previously patched, vulnerability in SonicWall SMA 100 series appliances.
CISA encourages users and administrators to review the SonicWall security advisory
and apply the necessary firmware updates as soon as possible.
Click to expand...

Log in or Sign up

Zero-Day Vulnerability in SonicWall SMA 100 Series Version 10.x Products

ronjor Global Moderator

ronjor Global Moderator

Minimalist Registered Member

hawki Registered Member

ronjor Global Moderator

guest Guest

ronjor Global Moderator

Log in or Sign up

Zero-Day Vulnerability in SonicWall SMA 100 Series Version 10.x Products

ronjor Global Moderator

ronjor Global Moderator

Minimalist Registered Member

hawki Registered Member

ronjor Global Moderator

guest Guest

ronjor Global Moderator

Useful Searches