SonicWall Urges Customers to Immediately Patch Critical SMA 100 Flaws
Dec 09, 2021
Network security vendor SonicWall is urging customers to update their SMA 100 series appliances to the latest version following the discovery of multiple security vulnerabilities that could be abused by a remote attacker to take complete control of an affected system.
The flaws impact SMA 200, 210, 400, 410, and 500v products running versions 9.0.0.11-31sv and earlier, 10.2.0.8-37sv, 10.2.1.1-19sv, 10.2.1.2-24sv and earlier.
The San Jose-based company credited security researchers Jake Baines (Rapid7) and Richard Warren (NCC Group) for discovering and reporting the shortcomings.
The list of eight security vulnerabilities identified in its remote access products is as follows:
CVE-2021-20038 (CVSS score: 9.8) - SMA100 Series unauthenticated stack-based buffer overflow vulnerability
CVE-2021-20039 (CVSS score: 7.2) - SMA 100 Series authenticated command injection vulnerability as root
CVE-2021-20040 (CVSS score: 6.5) - SMA 100 Series unauthenticated file upload path trave