SonicWall has released an urgent patch for a Critical SonicWall SMA 100 Series version 10.x zero-day vulnerability CVE-2021-20016.
In an urgent security alert, SonicWall released a new update on the threat on February 3, 2021:
“SonicWall is announcing the availability of an SMA 100 series firmware 10.2.0.5-29sv update to patch a zero-day vulnerability on SMA 100 series 10.x code. All SMA 100 series users must apply this patch IMMEDIATELY to avoid potential exploitation.”
On January 22, 2021, SonicWall first spotted a “coordinated attack on its internal systems by highly sophisticated threat actors.” The security firm attributed the attacks to likely exploitation of SonicWall zero-day vulnerabilities.
SonicWall soon thereafter published an advisory with more details on the vulnerability and as reported by a third-party threat research team:
“A vulnerability resulting in improper SQL command neutralization in the SonicWall SSLVPN SMA100 product allows remote exploitation for credential access by an unauthenticated attacker.”
The zero-day vulnerability CVE-2021-20016 affects the following SonicWall Secure Mobile Access (SMA) 100 series products running 10.x Firmware:
- Physical Appliances: SMA 200, SMA 210, SMA 400, SMA 410
- Virtual Appliances: SMA 500v (Azure, AWS, ESXi, HyperV).
In addition to applying the firmware updates to patch the vulnerability, organizations should also reset the passwords for any users who have logged into SonicWall device web interfaces.
Moreover, administrators should enable multifactor authentication (MFA) for all virtual private and remote connections for additional protections.