SonicWall has reported critical vulnerabilities in the SonicWall Secure Mobile Access (SMA) 100 series appliances. Here's what you need to know.
On December 1, 2021, SonicWall issued an advisory addressing high and critical vulnerabilities in their SonicWall Secure Mobile Access (SMA) 100 series appliances. These vulnerabilities could allow an unauthorized user to gain complete control of the SMA 100 series appliances, which include the SMA 200, 210, 400, 410 and 500v products. Initial observations showed that organizations with the WAF (web application firewall) feature enabled will be impacted by most of the vulnerabilities. SonicWall customers are encouraged to patch SMA 100 series products immediately.
Quick facts: what you need to know now
- Impacted versions include 10.2.0.8-37sv, 10.2.1.1-19sv, and 10.2.1.2-24sv.
- Exploitation of the vulnerability has not been observed in the wild at this point but could be imminent.
- An unauthenticated user could execute arbitrary commands on the appliance as the root user, which could lead to the full compromise of the device.
- Ransomware threat actors commonly target vulnerabilities in VPN devices to gain access to an environment and then deploy ransomware throughout it.
Next Steps for All SonicWall Secure Mobile Access (SMA) 100 Series Customers:
- Update firmware to the latest version, 10.2.1.3-27sv.
- Review VPN logs for suspicious login activity. If suspicious activity is identified during review:
  - Reset all user VPN credentials and ensure MFA is enabled.
  - Immediately notify Corvus of a potential claim via the email or hotline listed on your policy. We will then connect you to counsel and a forensics firm to ensure your organization properly investigates, mitigates, and responds to the threat.
If you have any questions, please reach out to the Risk + Response Team at firstname.lastname@example.org!