SonicWall have patched a vulnerability in SMA 100 series VPNs.
The vulnerability (CVE-2021-20034) is due to an improper limitation of a file path to a restricted directory, potentially leading to arbitrary file deletion as ‘nobody’.
A remote, unauthenticated attacker could delete files from an SMA 100 series appliance and potentially gain administrator access to the device.
Not detected by Nessus or Qualys at this time.
SMA 100 Series (SMA 200, 210, 400, 410, 500v)
- 10.2.1.0-17sv and earlier
- 10.2.0.7-34sv and earlier
- 188.8.131.52-28sv and earlier
Containment, Mitigations & Remediations
No temporary mitigations. SonicWall urges customers to patch as soon as possible.
Indicators of Compromise
No evidence of active exploitation.
VPN appliances are a popular target for ransomware groups as they grant access to the internal network as well as being a source of user credentials.
- T1190 – Exploit Public-Facing Application