Last Updated on 09/12/2021 by Nidhi Khandelwal
After the revelation of various security vulnerabilities that might be exploited by a remote attacker to take complete control of an affected machine, network security provider SonicWall is encouraging users to update their SMA 100 series appliances to the current version.
SMA 200, 210, 400, 410, and 500v products running versions 9.0.0.11-31sv and earlier, 10.2.0.8-37sv, 10.2.1.1-19sv, 10.2.1.2-24sv and prior are affected by the issues. The security flaws were discovered and reported by security experts Jake Baines (Rapid7) and Richard Warren (NCC Group), according to the San Jose-based company.
An adversary could execute arbitrary code, upload specially crafted payloads, modify or delete files in specific directories, reboot the system remotely, bypass firewall rules, and even consume all of the device’s CPU, potentially causing a denial-of-service (DoS) condition if the flaws were successfully exploited.
While there is no evidence that these flaws are being exploited in the field, it is highly suggested that users apply the fixes as soon as possible, given that SonicWall devices have become a lucrative target for threat actors in recent months, resulting in a flurry of unwanted acts.