SonicWall Patches Critical Vulnerability
Overview
SonicWall have patched a vulnerability in SMA 100 series VPNs.
The vulnerability (CVE-2021-20034) is caused by improper limitation of a file path to a restricted directory (path traversal), which can lead to arbitrary file deletion as the 'nobody' user.
Impact
A remote, unauthenticated attacker could delete files from an SMA 100 series appliance and potentially gain administrator access to the device.
Vulnerability Detection
Not detected by Nessus or Qualys at this time.
Affected Products
SMA 100 Series (SMA 200, 210, 400, 410, 500v)
- 10.2.1.0-17sv and earlier
- 10.2.0.7-34sv and earlier
- 9.0.0.10-28sv and earlier
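With no Nessus or Qualys detection available, an appliance inventory can be checked against the version list above. The Python below is an added example, not code from SonicWall or from this advisory; it assumes firmware strings follow the `A.B.C.D-NNsv` pattern shown in the list and that each listed ceiling applies to the branch named by its first three fields. Function names, hostnames and the sample builds are hypothetical.

```python
import re

# Highest affected build per firmware branch, copied from the list above.
# Keying branches by the first three version fields is this example's assumption.
AFFECTED_MAX = {
    (10, 2, 1): (10, 2, 1, 0, 17),
    (10, 2, 0): (10, 2, 0, 7, 34),
    (9, 0, 0): (9, 0, 0, 10, 28),
}

_VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)\.(\d+)-(\d+)sv$")


def parse_version(text):
    """Parse 'A.B.C.D-NNsv' into a tuple of five ints; raise ValueError otherwise."""
    match = _VERSION_RE.match(text.strip().lower())
    if match is None:
        raise ValueError(f"unrecognised firmware version: {text!r}")
    return tuple(int(part) for part in match.groups())


def classify(text):
    """Return 'affected', 'above-listed-range' or 'unknown-branch'."""
    version = parse_version(text)
    ceiling = AFFECTED_MAX.get(version[:3])
    if ceiling is None:
        # Branch is not in the advisory's list: needs manual review.
        return "unknown-branch"
    # Tuple comparison is numeric, so 9.0.0.10 sorts above 9.0.0.9.
    return "affected" if version <= ceiling else "above-listed-range"


def triage(inventory):
    """Map {hostname: version string} to {hostname: status}."""
    report = {}
    for host, version in inventory.items():
        try:
            report[host] = classify(version)
        except ValueError:
            report[host] = "unparseable"  # do not silently treat as safe
    return report


if __name__ == "__main__":
    # Constructed inventory: hostnames and builds are made up for the example.
    sample = {"vpn-a": "10.2.1.0-17sv", "vpn-b": "10.2.0.8-1sv",
              "vpn-c": "9.0.0.9-5sv", "vpn-d": "8.6.0.3-2sv", "vpn-e": "10.2.1"}
    print(triage(sample))
```

Hosts reported as `unknown-branch` or `unparseable` should be checked by hand against the vendor notice rather than assumed unaffected.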
Containment, Mitigations & Remediations
No temporary mitigations. SonicWall urges customers to patch as soon as possible.
Indicators of Compromise
No evidence of active exploitation.
Threat Landscape
VPN appliances are a popular target for ransomware groups as they grant access to the internal network as well as being a source of user credentials.
MITRE Methodologies
- T1190 – Exploit Public-Facing Application
Further Information
Security Notice: Critical Arbitrary File Delete Vulnerability In SonicWall SMA 100 Series Appliances