SonicWall SMA Devices Under Attack: CISA Warns of Critical Vulnerability

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued a warning regarding a critical vulnerability in SonicWall's Secure Mobile Access (SMA) 100 series devices. This flaw, tracked as CVE-2021-20035, has been flagged as actively exploited in the wild, prompting urgent action from organizations using these devices.


Key Takeaways

  • CISA has added CVE-2021-20035 to its Known Exploited Vulnerabilities catalog.

  • The vulnerability allows remote authenticated attackers to execute arbitrary commands.

  • SonicWall has urged users to upgrade to the latest firmware to mitigate risks.

  • Federal agencies have until May 7, 2025, to secure their networks against this threat.

Overview of the Vulnerability

The vulnerability in question is a case of improper neutralization of special elements in the SMA100 management interface. This flaw allows remote authenticated attackers to inject arbitrary commands as a 'nobody' user, potentially leading to code execution. The CVSS score for this vulnerability has been updated to 7.2, indicating a high severity level.

The affected devices include:

  • SMA 200

  • SMA 210

  • SMA 400

  • SMA 410

  • SMA 500v (ESX, KVM, AWS, Azure)

Exploitation Details

SonicWall has reported that this vulnerability has been actively exploited, with evidence suggesting that threat actors are leveraging it to gain unauthorized access to networks. The flaw was initially patched in September 2021, but recent updates indicate that it is now being exploited in the wild, which has raised alarms among cybersecurity professionals.

Recommendations for Users

To protect against potential breaches, SonicWall has recommended that all users of the SMA 100 series devices take the following actions:

  1. Upgrade Firmware: Users should immediately upgrade to the latest firmware versions:

       • 10.2.1.1-19sv or higher for SMA 200, 210

       • 10.2.0.8-37sv or higher for SMA 400, 410

       • 9.0.0.11-31sv or higher for SMA 500v

  2. Monitor Network Activity: Organizations should closely monitor their network for any unusual activity that may indicate exploitation attempts.

  3. Implement Additional Security Measures: Consider additional security measures such as network segmentation and enhanced monitoring to further protect sensitive data.
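
The firmware floors in step 1 can be checked against an appliance inventory. The following Python is an added example, not code from this article, SonicWall or CISA; the inventory rows, hostnames and the helper names `parse_version`, `check_device` and `audit` are assumptions, and "or higher" is read as a numeric comparison of the full version string.

```python
import re

# Minimum fixed firmware per model, transcribed from step 1 of the list above.
MIN_FIXED = {
    "SMA 200": "10.2.1.1-19sv",
    "SMA 210": "10.2.1.1-19sv",
    "SMA 400": "10.2.0.8-37sv",
    "SMA 410": "10.2.0.8-37sv",
    "SMA 500v": "9.0.0.11-31sv",
}

_VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)\.(\d+)-(\d+)sv$")


def parse_version(text):
    """Return (major, minor, patch, sub, build) as ints, or None if malformed."""
    m = _VERSION_RE.match(text.strip())
    return tuple(int(g) for g in m.groups()) if m else None


def check_device(model, firmware):
    """Classify one device as 'ok', 'upgrade' or 'review'."""
    floor = MIN_FIXED.get(model.strip())
    current = parse_version(firmware)
    if floor is None or current is None:
        return "review"  # unknown model or unreadable version: check by hand
    # Tuple comparison is numeric per field, so 10.2.0.10 sorts above 10.2.0.8.
    # ASSUMPTION: "or higher" means any numerically greater version string.
    return "ok" if current >= parse_version(floor) else "upgrade"


def audit(inventory):
    """Map hostname -> status for an iterable of (hostname, model, firmware)."""
    return {host: check_device(model, fw) for host, model, fw in inventory}


# Constructed sample inventory (hostnames and installed versions are made up).
SAMPLE_INVENTORY = [
    ("vpn-edge-01", "SMA 200", "10.2.1.0-17sv"),
    ("vpn-edge-02", "SMA 410", "10.2.0.10-40sv"),
    ("vpn-lab-01", "SMA 500v", "9.0.0.11-31sv"),
    ("vpn-old-01", "unlisted-model", "9.0.0.9-26sv"),
    ("vpn-dr-01", "SMA 400", "10.2.0.8"),
]

if __name__ == "__main__":
    for host, status in audit(SAMPLE_INVENTORY).items():
        print(f"{host}: {status}")
```

Devices returned as `review` have a model or version string the table cannot judge and should be checked by hand rather than assumed patched.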

The recent warning from CISA highlights the ongoing risks associated with vulnerabilities in widely used network security devices. Organizations utilizing SonicWall SMA 100 series appliances must act swiftly to mitigate the risks posed by CVE-2021-20035. By applying the necessary patches and monitoring their networks, they can better protect themselves against potential cyber threats.

As cybercriminals continue to adapt their strategies, awareness and education remain crucial in combating these threats.
