April 19, 2024

SonicWall has patched a critical security flaw impacting several Secure Mobile Access (SMA) 100, 200, 210, 400, 410, 500v series products tracked as CVE-2021-20034 that can let unauthenticated attackers remotely gain admin access on targeted devices.

There are no temporary mitigations to remove the attack vector, and SonicWall strongly urges impacted customers to deploy security updates that address the flaw as soon as possible.

Successful exploitation can let attackers delete arbitrary files from unpatched SMA 100 secure access gateways to reboot to factory default settings and potentially gain administrator access to the device. The vulnerability is due to an improper limitation of a file path to a restricted directory potentially leading to arbitrary file deletion as nobody

SonicWall SMA 100 series appliances have been targeted by ransomware gangs multiple times since the start of 2021, with the end goal of moving laterally into the target organization’s network

SonicWall recently said that its products are used by more than 500,000 business customers in over 215 countries and territories worldwide. Many of them are deployed on the networks of the world’s largest organizations, enterprises, and government agencies.

Tags:

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

You may have missed

Windows New Privilege Escalation on Sale in dark forum

April 19, 2024

HashiCorp Critical Vulnerability – CVE-2024-3817

April 18, 2024

Cisco Integrated Management Controller Vulnerabilities

April 18, 2024

Windows Kernel Vulnerability – CVE-2024-21338 PoC Exploit Released

April 17, 2024

Cisco Duo Identify Data Breach

April 17, 2024

Tanium new Automate Feature

April 16, 2024

Discover more from TheCyberThrone

Subscribe now to keep reading and get access to the full archive.

Continue reading