High Threat Security Alert (A21-01-09): Multiple Vulnerabilities in SonicWall SMA 100 Series Products
29 January 2021
Last update on: 04 February 2021
SonicWall has released a security advisory about probable zero-day vulnerabilities in SMA 100 Series products. The investigation into the vulnerabilities is continuing. According to the information provided by SonicWall, a remote attacker could gain unauthorised access to internal resources by exploiting the vulnerabilities.
SonicWall has released the SMA 100 series firmware 10.2.0.5-29sv update to patch the zero-day vulnerability in the following affected products:
- Physical Appliances: SMA 200, SMA 210, SMA 400, SMA 410
- Virtual Appliances: SMA 500v (Azure, AWS, ESXi, HyperV)
Affected users are advised to apply the firmware update to mitigate the elevated risk of cyber attacks. Users who are unable to immediately deploy the patch are advised to enable the built-in Web Application Firewall (WAF) feature to mitigate the vulnerability. For detailed information, please refer to the following vendor’s URL: https://www.sonicwall.com/support/product-notification/urgent-patch-available-for-sma-100-series-10-x-firmware-zero-day-vulnerability-updated-feb-3-2-p-m-cst/210122173415410/
Active exploitation of zero-day vulnerabilities in SonicWall SMA 100 Series products has been observed. Patches are not yet available, but SonicWall has provided measures to mitigate the risk. In view of the elevated risk of cyber attacks, users are advised to give priority to applying SonicWall's suggested mitigation measures immediately.
SonicWall SMA 100 Series products
A successful attack could lead to information disclosure on an affected system.
SonicWall has not yet released relevant patches to address the vulnerabilities but the following immediate actions are suggested to mitigate the risk of exploitation:
Enable Geo-IP/botnet filtering and create a policy blocking web traffic from countries that do not need to access applications. See page 248 of the SMA 100 Series 10.2 Administration Guide.
Enable and configure End Point Control (EPC) to verify a user's device before establishing a connection. See page 207 of the SMA 100 Series 10.2 Administration Guide: https://www.sonicwall.com/techdocs/pdf/232-005398-00_RevA_SMA_10.2_AdministrationGuide.pdf
Restrict access to the portal by enabling Scheduled Logins/Logoffs. See page 117 of the SMA 100 Series 10.2 Administration Guide: https://www.sonicwall.com/techdocs/pdf/232-005398-00_RevA_SMA_10.2_AdministrationGuide.pdf