SonicWall Releases SMA 100 Security Update

Scheduled updates for Secure Mobile Access (SMA) 100 series appliances address eight vulnerabilities.

Threat ID:: CC-3987
Threat Severity:: Information only
Published:: 9 December 2021 11:46 AM

Report a cyber attack: call 0300 303 5222 or email [email protected]

Summary

Scheduled updates for Secure Mobile Access (SMA) 100 series appliances address eight vulnerabilities.

Affected platforms

The following platforms are known to be affected:

Versions: 9.0.0.11-31sv, 10.2.0.8-37sv, 10.2.1.1-19sv, 10.2.1.2-24sv

Sonicwall Secure Mobile Access (SMA) 100 Series Appliances

Threat details

Introduction

SonicWall have released security updates to address eight vulnerabilities, three of which are rated critical, in the Secure Mobile Access (SMA) 100 series appliances. This SonicWall product line includes SMA 200, 210, 400, 410 and 500v products. SMA 100 series appliances with WAF enabled are also impacted by the majority of these vulnerabilities. A remote attacker could exploit these vulnerabilities to take control of an affected system.

NOTE: Support for 9.0.0 firmware ended on 31/10/2021.

Remediation advice

Affected organisations are encouraged to review the SonicWall security advisory SNWLID-2021-0026 and the SMA 100 Series Vulnerability Patches (Q4 2021) product notification page and apply the relevant updates.

Definitive source of threat updates

CVE Vulnerabilities

Status Published

CVE-2021-20038

A Stack-based buffer overflow vulnerability in SMA100 Apache httpd server's mod_cgi module environment variables allows a remote unauthenticated attacker to potentially execute code as a 'nobody' user in the appliance. This vulnerability affected SMA 200, 210, 400, 410 and 500v appliances firmware 10.2.0.8-37sv, 10.2.1.1-19sv, 10.2.1.2-24sv and earlier versions.

Status Published

CVE-2021-20039

Improper neutralization of special elements in the SMA100 management interface '/cgi-bin/viewcert' POST http method allows a remote authenticated attacker to inject arbitrary commands as a 'nobody' user. This vulnerability affected SMA 200, 210, 400, 410 and 500v appliances.

Status Published

CVE-2021-20040

A relative path traversal vulnerability in the SMA100 upload function allows a remote unauthenticated attacker to upload crafted web pages or files as a 'nobody' user. This vulnerability affected SMA 200, 210, 400, 410 and 500v appliances.

Status Published

CVE-2021-20041

An unauthenticated and remote adversary can consume all of the device's CPU due to crafted HTTP requests sent to SMA100 /fileshare/sonicfiles/sonicfiles resulting in a loop with unreachable exit condition. This vulnerability affected SMA 200, 210, 400, 410 and 500v appliances.

Status Published

CVE-2021-20042

An unauthenticated remote attacker can use SMA 100 as an unintended proxy or intermediary undetectable proxy to bypass firewall rules. This vulnerability affected SMA 200, 210, 400, 410 and 500v appliances.

Status Published

CVE-2021-20043

A Heap-based buffer overflow vulnerability in SonicWall SMA100 getBookmarks method allows a remote authenticated attacker to potentially execute code as the nobody user in the appliance. This vulnerability affected SMA 200, 210, 400, 410 and 500v appliances.

Status Published

CVE-2021-20044

A post-authentication remote command injection vulnerability in SonicWall SMA100 allows a remote authenticated attacker to execute OS system commands in the appliance. This vulnerability affected SMA 200, 210, 400, 410 and 500v appliances.

Status Published

CVE-2021-20045

A buffer overflow vulnerability in SMA100 sonicfiles RAC_COPY_TO (RacNumber 36) method allows a remote unauthenticated attacker to potentially execute code as the 'nobody' user in the appliance. This vulnerability affected SMA 200, 210, 400, 410 and 500v appliances.

Last edited: 14 January 2022 4:24 pm