SonicWall ‘strongly urges’ organizations using SMA 100 series appliances to immediately patch them against multiple security flaws rated with CVSS scores ranging from medium to critical.
The highest severity flaws patched by SonicWall this week are CVE-2021-20038 and CVE-2021-20045, two critical Stack-based buffer overflow vulnerabilities that can let remote unauthenticated attackers execute as the ‘nobody’ user in compromised appliances.
Other bugs patched by the company on Tuesday enable authenticated threat actors to gain remote code execution, inject arbitrary commands, or upload crafted web pages and files to any directory in the appliance following successful exploitation.
However, the most dangerous one if left unpatched is CVE-2021-20039. This high severity security issue can let authenticated attackers inject arbitrary commands as the root user leading to a remote takeover of unpatched devices.
Luckily, SonicWall says that it hasn’t yet found any evidence of any of these security vulnerabilities being exploited in the wild.
|CVE-2021-20038||Unauthenticated Stack-based Buffer Overflow||9.8 High|
|CVE-2021-20039||Authenticated Command Injection Vulnerability as Root||7.2 High|
|CVE-2021-20040||Unauthenticated File Upload Path Traversal Vulnerability||6.5 Medium|
|CVE-2021-20041||Unauthenticated CPU Exhaustion Vulnerability||7.5 High|
|CVE-2021-20042||Unauthenticated “Confused Deputy” Vulnerability||6.3 Medium|
|CVE-2021-20043||getBookmarks Heap-based Buffer Overflow||8.8 High|
|CVE-2021-20044||Post-Authentication Remote Code Execution (RCE)||7.2 High|
|CVE-2021-20045||Multiple Unauthenticated File Explorer Heap-based and Stack-based Buffer Overflows||9.4 High|
“SonicWall urges impacted customers to implement applicable patches as soon as possible,” the company says in a security advisory published Tuesday.
To put the importance of patching these security flaws into perspective, SonicWall SMA 100 appliances have been targeted by ransomware gangs multiple times since the start of 2021.
For instance, Mandiant said in April that the CVE-2021-20016 SMA 100 zero-day was exploited to deploy a new ransomware strain known as FiveHands starting with January when it was also used to target SonicWall’s internal systems. Before patches were released in late February 2021, the same bug was abused indiscriminately in the wild.
In July, SonicWall also warned of the increased risk of ransomware attacks targeting unpatched end-of-life SMA 100 series and Secure Remote Access products. However, CrowdStrike, Coveware security researchers, and CISA warned that SonicWall appliances were already targeted by HelloKitty ransomware.
SonicWall’s products are used by over 500,000 business customers from 215 countries and territories worldwide, many deployed on the networks of the world’s largest companies and government agencies.