Pierluigi Paganini February 20, 2021

Security provider SonicWall released a new firmware update for an SMA-100 zero-day vulnerability that was exploited in attacks.

SonicWall has released a second firmware update for the SMA-100 zero-day vulnerability that was exploited in attacks in the wild.

SonicWall disclosed a security breach on January 22, it blamed sophisticated threat actors for the intrusion.

On January, 29 SonicWall announced it was investigating the presence of a zero-day vulnerability in the Secure Mobile Access (SMA) gateways.  

NCC Group first disclosed the attacks on SonicWall devices but did not provide details about the flaw exploited by the threat actors.

The vulnerability, tracked as CVE-2021-20016, has been rated as critical and received a CVSS score of 9.8.

A vulnerability results in improper SQL command neutralization in the SonicWall SSLVPN SMA100 product, it could be exploited by a remote, unauthenticated attacker for credential access on SMA100 build version 10.x.

“A vulnerability resulting in improper SQL command neutralization in the SonicWall SSLVPN SMA100 product allows remote exploitation for credential access by an unauthenticated attacker. This vulnerability impacts SMA100 build version 10.x.” reads the advisory.

Early February, SonicWall released the first firmware updates (version 10.2.0.5-29sv) to address an actively exploited zero-day vulnerability in Secure Mobile Access (SMA) 100 series appliances.

This week, SonicWall released new firmware updates for SMA-100 series appliances and urge customers to install them as soon as possible.

The company declared that the security updates include additional security enhancements.

“Following up on the Feb. 3 firmware update outlined below, SonicWall is announcing the availability of new firmware versions for both 10.x and 9.x code on the SMA 100 series products, comprised of SMA 200, 210, 400, 410 physical appliances and the SMA 500v virtual appliance.” reads the security advisory.

“SonicWall conducted additional reviews to further strengthen the code for the SMA 100 series product line. The new SMA 10.2 firmware includes:

• Code-hardening fixes identified during an internal code audit
• Rollup of customer issue fixes not included in the Feb. 3 patch
• General performance enhancements
• Previous SMA 100 series zero-day fixes posted on Feb. 3

The new 9.0 firmware includes:

• Code-hardening fixes identified during an internal code audit“

The updates are available for the following devices:

• Physical Appliances: SMA 200, SMA 210, SMA 400, SMA 410
• Virtual Appliances: SMA 500v (Azure, AWS, ESXi, HyperV)

If you want to receive the weekly Security Affairs Newsletter for free subscribe here.

Pierluigi Paganini

(SecurityAffairs – hacking, SMA)

[adrotate banner=”5″]

[adrotate banner=”13″]