Admins who implement remote access to companies via Sonicwall’s Secure Mobile Access Systems (SMA) should update the appliances quickly. Otherwise attackers could attack systems.
Via SMA, employees access company resources with their devices over the Internet. Successful attacks could therefore pave the way into the network for attackers.
In a warning message, the manufacturer of network equipment executesthat the SMA Applainces SMA 100, 200, 210, 400, 410 and 500v are vulnerable. This should also be the case if a firewall is activated. According to their own statements, the developers have closed eight security holes in current firmware versions.
Root vulnerability
Two loopholes (CVE-2021-20038, CVE-2021-20045) are considered to be “critical“. The error descriptions sound as if attackers could execute malicious code without authentication. By successfully exploiting another vulnerability (CVE-2021-20039 “high“) Authenticated attackers should be able to execute commands with root rights. Sonicwall confirms that they have not seen any attacks so far.
The following firmware versions should be equipped against the attacks:
- 10.2.1.3-27sv
- 10.2.0.9-41sv
All previous editions are said to be vulnerable. Support for 9.0.0 expired at the end of October 2021. An upgrade to 10.2.x is required here so that security updates can also be installed in the future.
(from)
Article Source
Disclaimer: This article is generated from the feed and not edited by our team.