SonicWall Releases Security Update

Threat ID:: CC-3953
Threat Severity:: Information only
Published:: 28 September 2021 1:22 PM

Report a cyber attack: call 0300 303 5222 or email [email protected]

Affected platforms

The following platforms are known to be affected:

Versions: 10.2.1.0-17sv and earlier, 10.2.0.7-34sv and earlier, 9.0.0.10-28sv and earlier

Sonicwall Secure Mobile Access (SMA) 100 Series Appliances

Threat details

Sonicwall have urged customers to patch a critical vulnerability in the Secure Mobile Access (SMA) 100 series appliances. The SMA 100 series appliances, which include SMA 200, 210, 400, 410, and 500v, are vulnerable to an improper limitation of a file path to a restricted directory, leading to an arbitrary file deletion as 'nobody'.

This vulnerability could allow a remote unauthenticated attacker the ability to delete arbitrary files from the appliance and gain administrator access on the underlying host.

Remediation advice

Affected organisations are encouraged to review the SonicWall security advisory SNWLID-2021-0021 and Critical Arbitrary File Delete Vulnerability In SonicWall SMA 100 Series Appliances product notification page and apply the relevant updates.

CVE Vulnerabilities

Status Published

CVE-2021-20034

Last edited: 28 September 2021 1:22 pm