Threat actors are exploiting a critical vulnerability, CVE-2021-20034, in Sonicwall's Secure Mobile Access SMA100 appliances. Here's what you need to know.
On September 24, 2021, SonicWall issued an alert advising their SMA100 customers of a critical vulnerability, CVE-2021-20034. The vulnerability could allow a remote threat actor to delete an arbitrary file that results in factory reset of the device and settings.
Quick facts: what you need to know now
- Impacted devices include SMA 100 series products, which include SMA 200, 210, 400, 410 and 500v.
- The vulnerability could lead to a threat actor resetting the device and gaining administrative access to the device.
- The administrative access can lead to remote access to your environment or changes to configuration settings of the device.
Next Steps for All SonicWall Secure Mobile Access (SMA) Customers:
- Immediately patch the device to the latest version.
- Here’s additional guidance from SonicWall on how to upgrade.
- If the device was factory reset, it could indicate exploitation.
- If you find any suspicious activity, immediately notify Corvus of a potential claim via the email or hotline listed on your policy. We will then connect you to counsel and a forensics firm to ensure your organization properly investigates, mitigates, and responds to the threat.
If you have any questions, please reach to the Risk + Response Team at firstname.lastname@example.org!