SonicWall urges customers using SMA 100 series appliances to apply security patches that address multiple security vulnerabilities, some of which have been rated as critical.
SonicWall has verified and patched vulnerabilities of critical and medium severity (CVSS 5.3-9.8) in SMA 100 series appliances, which include SMA 200, 210, 400, 410 and 500v products. SMA 100 series appliances with WAF enabled are also impacted by most of these vulnerabilities
Affected products are SMA 200, 210, 400, 410, and 500v appliances.
The most severe vulnerabilities addressed by SonicWall are two critical stack-based buffer overflow vulnerabilities tracked as CVE-2021-20038 and CVE-2021-20045 respectively. A remote attacker can trigger the two vulnerabilities to potentially execute as the ‘nobody’ user in compromised appliances.
“A Stack-based buffer overflow vulnerability in SMA100 Apache httpd server’s mod_cgi module environment variables allow a remote unauthenticated attacker to potentially execute code as a ‘nobody’ user in the appliance. This vulnerability affected SMA 200, 210, 400, 410 and 500v appliances firmware 10.2.0.8-37sv, 10.2.1.1-19sv, 10.2.1.2-24sv and earlier versions.” reads the advisory for the CVE-2021-20038 flaw.
SonicWall is not aware of attacks in the wild exploiting the following vulnerabilities.
|SMA-3217||Unauthenticated Stack-Based Buffer Overflow||CVE-2021-20038||9.8|
|SMA-3204||Authenticated Command Injection||CVE-2021-20039||7.2|
|SMA-3206||Unauthenticated File Upload Path Traversal||CVE-2021-20040||6.5|
|SMA-3207||Unauthenticated CPU Exhaustion||CVE-2021-20041||7.5|
|SMA-3208||Unauthenticated Confused Deputy||CVE-2021-20042||6.3|
|SMA-3231||Heap-Based Buffer Overflow||CVE-2021-20043||8.8|
|SMA-3233||Post-Authentication Remote Command Execution||CVE-2021-20044||7.2|
|SMA-3235||Multiple Unauthenticated Heap-Based and Stack Based Buffer Overflow||CVE-2021-20045||9.4|