SonicWall urges customers to patch critical SMA 100 vulnerabilities

 


Network security vendor SonicWall has “strongly urged” its customers to update their SMA 100 series appliances to the latest version to remove multiple critical and high-risk vulnerabilities that could be exploited for remote code execution.

The flaws impact SMA 200, 210, 400, 410, and 500v products running versions 9.0.0.11-31sv and prior, 10.2.0.8-37sv, 10.2.1.1-19sv, 10.2.1.2-24sv and earlier.

The highest-severity vulnerabilities patched by SonicWall are CVE-2021-20038 and CVE-2021-20045 (both rated as critical), along with CVE-2021-20039, CVE-2021-20040, CVE-2021-20042, and CVE-2021-20043. If exploited, these bugs could allow a remote attacker to execute arbitrary code on the system, bypass implemented security restrictions, or compromise a vulnerable system.

“There are no temporary mitigations. SonicWall urges impacted customers to implement applicable patches as soon as possible,” the vendor said, adding that it does not have any evidence of these bugs being exploited in the wild.

In January 2021, SonicWall revealed it was hit by a “coordinated” attack on its internal systems conducted by “highly sophisticated threat actors”, in which the attackers exploited “probable” zero-day vulnerabilities in the company’s remote access tools.

