Sonicwall SMA 100 Series Security Update
Date of Notice: 12/8/2021
Action Level - Critical
Description
MCNC would like to make you aware of a group of vulnerabilities affecting Sonicwall SMA 100 Series devices. These vulnerabilities could allow an attacker to bypass authentication and execute arbitrary code as root user, upload arbitrary files, or cause a denial of service. Several of the vulnerabilities are critical impact, and Sonicwall recommends updating impacted devices as soon as possible.
Affected Devices
- SMA 100 Series (SMA 100, 200, 210, 400, 410, 500v)
Affected Firmware versions
- 9.0.0.11-31sv
- 10.2.0.8-37sv
- 10.2.1.1-19sv
- 10.2.1.2-24sv
First Fixed Firmware versions
- 10.2.0.9-41sv
- 10.2.1.3-27sv
Attack Vector
An attacker with remote or local access to an unpatched device.
Attack Feasibility
There is currently no evidence that the vulnerabilities are being exploited in the wild.
Mitigations
There are no known mitigations or workarounds to address this vulnerability.
Remediation
Sonicwall has released firmware updates to remediate these vulnerabilities. Due to the critical nature, they recommend immediate patching