Cybersecurity specialists report the detection of 8 vulnerabilities in SonicWall Secure Mobile Access (SMA) 100. According to the report, the successful exploitation of these flaws would allow threat actors to deploy all kinds of risk scenarios.
Below are brief descriptions of the reported flaws, as well as their respective identification keys and scores according to the Common Vulnerability Scoring System (CVSS).
CVE-2021-20038: A limit error when processing HTTP GET requests in SonicWall SMA SSLVPN would allow unauthenticated remote threat actors to send specially crafted HTTP requests to the SSL VPN interface, executing arbitrary code on the target system.
This is a critical flaw and received a CVSS score of 8.5/10.
CVE-2021-20039: The endpoint ‘/cgi-bin/viewcert’ allows users to upload, view or delete SSL certificates. Remote authenticated users can send a specially crafted HTTP POST request to the affected SSL VPN interface and execute arbitrary commands with root privileges.
The vulnerability received a CVSS score of 8.6/10.
CVE-2021-20040: Affected devices allow the upload of unauthenticated files, which remote hackers could take advantage of to send specially crafted HTTP requests and upload arbitrary files to any directory on the system.
This is a high severity flaw and received a CVSS score of 8.5/10.
CVE-2021-20041: An infinite loop on the endpoint “/fileshare/sonicfiles/sonicfiles” of the ‘fileexplorer’ process would allow unauthenticated remote threat actors to send specially crafted HTTP requests to the affected system to generate a denial of service (DoS) condition on the affected system.
The flaw received a CVSS score of 6.5/10.
CVE-2021-20042: Lack of security controls would allow unauthenticated remote threat actors to evade firewall rules and use the device undetected as an intermediary proxy.
This vulnerability received a CVSS score of 7.1/10.
CVE-2021-20043: A limit error in the RAC_GET_BOOKMARKS_HTML5 method would allow users to list their bookmarks, so remote threat actors could pass specially crafted data to the application, trigger a heap-based buffer overflow, and execute arbitrary code.
This flaw received a CVSS score of 7.7/10.
CVE-2021-20044: Incorrect access restrictions in the management API would allow remote users to evade implemented security restrictions and execute arbitrary commands.
This is a flaw of medium severity that received a CVSS score of 4.4/10.
CVE-2021-20045: A limit error in the RAC_COPY_TO method would allow users to upload files to an SMB share and pass specially crafted data to the affected application, triggering a heap-based buffer overflow and executing arbitrary code on the affected system.
This is a critical flaw and received a CVSS score of 8.5/10.
According to the report, the vulnerabilities reside in the following versions of SonicWall SMA 100: 10.2.0.8-37sv and 10.2.1.1-19sv.
Updates are now available, so administrators of affected deployments are encouraged to upgrade as soon as possible.
To learn more about information security risks, malware variants, vulnerabilities and information technologies, feel free to access the International Institute of Cyber Security (IICS) websites.
