IT Brief Australia - Technology news for CIOs & IT decision-makers
Vulnerabilities pose danger to SonicWall SMA 100 remote access appliances
Thu, 20th Jan 2022

SonicWall and Australia's ACSC are urging all businesses using SonicWall SMA 100 Series appliances to patch the devices as soon as possible.

The vulnerabilities could enable a remote attacker to gain access to the devices and execute code such as malware, according to the ACSC.

The SMA 100 series appliances include SMA 200, 210, 400, 410 and 500v products, as well as SMA 100 series appliances with a web application firewall (WAF) enabled.

The vulnerabilities, as listed on the CVE program website, are detailed below.

CVE-2021-20038: A Stack-based buffer overflow vulnerability in SMA100 Apache httpd server's mod_cgi module environment variables allows a remote unauthenticated attacker to potentially execute code as a 'nobody' user in the appliance. This vulnerability applies to SMA 200, 210, 400, 410 and 500v appliances with firmware 10.2.0.8-37sv, 10.2.1.1-19sv, 10.2.1.2-24sv, and earlier versions.

CVE-2021-20039: Improper neutralisation of special elements in the SMA100 management interface '/cgi-bin/viewcert' POST http method allows a remote authenticated attacker to inject arbitrary commands as a 'nobody' user. This vulnerability affects SMA 200, 210, 400, 410 and 500v appliances.

CVE-2021-20040: A relative path traversal vulnerability in the SMA100 upload function allows a remote unauthenticated attacker to upload crafted web pages or files as a 'nobody' user. This vulnerability affects SMA 200, 210, 400, 410 and 500v appliances.

CVE-2021-20041: An unauthenticated and remote adversary can consume all of the device's CPU due to crafted HTTP requests sent to SMA100 /fileshare/sonicfiles/sonicfiles resulting in a loop with unreachable exit condition. This vulnerability affects SMA 200, 210, 400, 410 and 500v appliances.

CVE-2021-20042: An unauthenticated remote attacker can use SMA 100 as an unintended proxy or intermediary undetectable proxy to bypass firewall rules. This vulnerability affects SMA 200, 210, 400, 410 and 500v appliances.

CVE-2021-20043: A Heap-based buffer overflow vulnerability in SonicWall SMA100 getBookmarks method allows a remote authenticated attacker to potentially execute code as the nobody user in the appliance. This vulnerability affects SMA 200, 210, 400, 410 and 500v appliances.

CVE-2021-20044: A post-authentication remote command injection vulnerability in SonicWall SMA100 allows a remote authenticated attacker to execute OS system commands in the appliance. This vulnerability affects SMA 200, 210, 400, 410 and 500v appliances.

CVE-2021-20045: A buffer overflow vulnerability in SMA100 sonicfiles RAC_COPY_TO (RacNumber 36) method allows a remote unauthenticated attacker to potentially execute code as the 'nobody' user in the appliance. This vulnerability affects SMA 200, 210, 400, 410 and 500v appliances.

According to a statement from SonicWall, the vulnerabilities have not been exploited in the wild. However, the company ‘strongly urges’ organisations to patch their devices.

SonicWall advises organisations using SMA 100 series appliances to “immediately log in to MySonicWall.com to upgrade their appliances to the patched firmware versions outlined”.