Cybersecurity products provider SonicWall has released additional firmware updates for an SMA-100 zero-day vulnerability that was exploited in real-world attacks.
In late January 2021, SonicWall warned of a zero-day vulnerability being actively exploited to target SonicWall Secure Mobile Access devices in the SMA 100 series. At the time, the company said it had suffered a “coordinated” attack on its internal systems conducted by “highly sophisticated threat actors”, in which the attackers exploited “probable” zero-day vulnerabilities in the company’s remote access tools. At the end of January, cybersecurity firm NCC Group said it had identified the zero-day vulnerability used in this campaign.
The vulnerability, tracked as CVE-2021-20016, allows a remote attacker to execute arbitrary SQL queries in the database. The issue exists due to insufficient sanitization of user-supplied data. A remote unauthenticated attacker can send a specially crafted HTTP request to the SSL-VPN appliance and execute arbitrary SQL commands within the application database.
SonicWall released a fix for this flaw on February 3rd, and now the company is providing additional firmware updates for SMA 100 series 10.x and 9.x.
“SonicWall is announcing the availability of new firmware versions for both 10.x and 9.x code on the SMA 100 series products, comprised of SMA 200, 210, 400, 410 physical appliances and the SMA 500v virtual appliance. SonicWall conducted additional reviews to further strengthen the code for the SMA 100 series product line,” the company said.
The updates are available for the following devices:
- Physical Appliances: SMA 200, SMA 210, SMA 400, SMA 410
- Virtual Appliances: SMA 500v (Azure, AWS, ESXi, HyperV)
Users are strongly advised to apply the updates as soon as possible.