-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT Security Bulletin ASB-2021.0037.2
   SonicWall Confirms SMA 100 Series 10.X Zero-Day Vulnerability
                           5 February 2021

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           SMA 200
                   SMA 210
                   SMA 400
                   SMA 410
                   SMA 500v
Operating System:  Network Appliance
                   Virtualisation
Impact/Access:     Administrator Compromise -- Remote/Unauthenticated
Resolution:        Patch/Upgrade
CVE Names:         CVE-2021-20016

Revision History:  February 5 2021: Firmware update fixing vulnerability made available
                   February 2 2021: Initial Release

OVERVIEW

        SonicWall SMA 100 series appliances running 10.x firmware contain an
        SQL injection flaw (improper neutralization of SQL commands) that an
        unauthenticated remote attacker can exploit to obtain credentials [1].
        SonicWall has released firmware 10.2.0.5-29sv to fix the issue [2].

IMPACT

        The vendor has provided the following details regarding this issue:

        "A vulnerability resulting in improper SQL command neutralization in
        the SonicWall SSLVPN SMA100 product allows remote exploitation for
        credential access by an unauthenticated attacker. This vulnerability
        impacts SMA100 build version 10.x" [1]

        "CVSS v3 9.8
        CVSS Vector CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" [1]

        "Affected SMA 100 devices with 10.x firmware that requires the
        critical patch
        - Physical Appliances: SMA 200, SMA 210, SMA 400, SMA 410
        - Virtual Appliances: SMA 500v (Azure, AWS, ESXi, HyperV)" [1]

MITIGATION

        SonicWall has announced "the availability of an SMA 100 series
        firmware 10.2.0.5-29sv update to patch a zero-day vulnerability on
        SMA 100 series 10.x code. All SMA 100 series users must apply this
        patch IMMEDIATELY to avoid potential exploitation". The vendor's
        notice and best-practice guide include recommended upgrade steps and
        additional background and details [2], [3].

        SonicWall has provided the following recommendations:

        "1) Enable multifactor authentication (MFA) as a safety measure.
          - MFA is an invaluable safeguard against credential theft and is a
            key measure of good security posture.
          - MFA is effective whether it is enabled on the appliance directly
            or on the directory service in your organization.
        2) Enable WAF on SMA100.
        3) Reset the passwords for any users who may have logged into the
           device via the web interface." [1]

REFERENCES

        [1] CONFIRMED ZERO-DAY VULNERABILITY IN THE SONICWALL SMA100 BUILD
            VERSION 10.X
            https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0001

        [2] Urgent Security Notice: NetExtender VPN Client 10.X, SMA 100
            Series Vulnerability
            https://www.sonicwall.com/support/product-notification/210122173415410

        [3] SonicWall SMA 100 Series - Security Best Practice Guide
            https://www.sonicwall.com/techdocs/pdf/SMA-100-Series-Security-Best-Practices-Guide.pdf

AusCERT has made every effort to ensure that the information contained in
this document is accurate. However, the decision to use the information
described is the responsibility of each user or organisation. The decision
to follow or act on information or advice contained in this security
bulletin is the responsibility of each user or organisation, and should be
considered in accordance with your organisation's site policies and
procedures. AusCERT takes no responsibility for consequences which may arise
from following or acting on information or advice contained in this security
bulletin.

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

iQIVAwUBYBy82uNLKJtyKPYoAQivjxAAgDkb5WriKm9iNAHEy2PBEGsRNtAuBLdb
Z4eQ2iebIFsXDI5eDsun2+3ke9FSH4r1o0MzYpbqClo+/qvK3dZpIpH59jRYCNlO
8wTssIxbIPor+F5Ln9hDHFwr/esbjj2pkoaU/D++Ycllf26vPks00pIEmkHGmxON
9NVOHhQRJRYIU8XzOpsoUR9EoD0tYwTA+/5crbH6kODmbhEPJYlJh9wjq8mwwFgU
H348sF2Lc4IpjD4AWN6E6Ef/qtEZv/19ClisZtfxtrVAJ1t1jQTDwiYSnRabOcR2
UeCom1B0SF+ZiyZPSzmf1L114uRREIZUw7AVLe27jrXyM78mDtv7V7QfHjTAYpnP
bdJDqH6Unqe+FZASLW+O0fAsfB8TT9SNOkGBpP6ORL/kWEr5ew1Ao1npZDd4jF8g
m7q/OsX3WPjzGBwdXXVRh9eGDibg6D4Oo+Fx/XCk94pxFXET8BL+MbljM6xY6lLg
ncH9T3XZcZiT7+InPZxu2mCooY7/CyPBFVJwmLAwN5Yt/x4DTPwBbz+M9vRhDUkh
YYB4DwSXuXu/cMzhC1wIUfFvZ72VbEKiYY/2kIZxqgsxqM7zZvgXELu9HHfTetoY
cxENxw728esmaxXNiLpNmN1PQ0nQKXmo95exWiSZlIZysikixwcczH7ASGCzIK/6
4Yh9FtFpcTI=
=VMU1
-----END PGP SIGNATURE-----
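The triage check below is an added example, not SonicWall or AusCERT code. It parses SMA 100 series firmware version strings in the form the bulletin uses (10.2.0.5-29sv, assumed here to mean major.minor.patch.build-revision "sv"), flags devices of the listed models that run a 10.x build older than the fixed build 10.2.0.5-29sv, and runs over a constructed inventory. The model names come from the bulletin; every version string in the sample inventory other than 10.2.0.5-29sv is invented for illustration. A None result means the bulletin does not apply to that entry, not that the device is known safe.

```python
"""Affected-version triage for ASB-2021.0037.2 / CVE-2021-20016.

Added example, not SonicWall or AusCERT code. Version strings are assumed
to follow the "10.2.0.5-29sv" pattern the bulletin uses; the inventory at
the bottom is constructed sample data, and every version in it other than
the fixed build is invented for illustration.
"""
import re
from typing import List, Optional, Tuple

# Fixed build and affected models named in the bulletin.
FIXED_BUILD = "10.2.0.5-29sv"
AFFECTED_MODELS = frozenset({"SMA 200", "SMA 210", "SMA 400", "SMA 410", "SMA 500v"})

# <major>.<minor>.<patch>.<build>-<rev>sv  (format assumed from the bulletin)
VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)\.(\d+)-(\d+)sv$")


def parse_version(version: str) -> Tuple[int, int, int, int, int]:
    """Turn '10.2.0.5-29sv' into (10, 2, 0, 5, 29) so tuples compare numerically."""
    match = VERSION_RE.match(version.strip())
    if match is None:
        raise ValueError(f"unrecognised SMA firmware version: {version!r}")
    major, minor, patch, build, rev = (int(g) for g in match.groups())
    return (major, minor, patch, build, rev)


def is_well_formed(version: str) -> bool:
    """True if the string matches the assumed SMA version pattern."""
    return VERSION_RE.match(version.strip()) is not None


def needs_patch(model: str, version: str) -> Optional[str]:
    """Return why the device must be patched, or None if the bulletin does not apply.

    None for an unlisted model or a non-10.x build means "outside this
    bulletin's scope", not "known safe": the bulletin only covers 10.x.
    """
    if model not in AFFECTED_MODELS:
        return None
    parsed = parse_version(version)
    if parsed[0] != 10:
        return None
    if parsed < parse_version(FIXED_BUILD):
        return f"{model} runs {version}, a 10.x build older than {FIXED_BUILD}"
    return None


def triage(inventory: List[Tuple[str, str]]) -> List[str]:
    """Return one finding per device that still needs the 10.2.0.5-29sv update."""
    findings = []
    for model, version in inventory:
        reason = needs_patch(model, version)
        if reason:
            findings.append(reason)
    return findings


# Constructed inventory: model names from the bulletin, versions (except the
# fixed build) invented for illustration.
SAMPLE_INVENTORY = [
    ("SMA 410", "10.2.0.2-20sv"),   # 10.x and older than the fix -> patch
    ("SMA 500v", "10.2.0.5-29sv"),  # already on the fixed build
    ("SMA 200", "10.2.0.5-29sv"),
    ("SMA 210", "10.2.1.0-1sv"),    # hypothetical later 10.x build
    ("SMA 400", "9.0.0.10-28sv"),   # not a 10.x build: outside this bulletin
]

if __name__ == "__main__":
    for finding in triage(SAMPLE_INVENTORY):
        print("PATCH:", finding)
```

Versions are compared as integer tuples rather than as strings so that a build such as 10.2.0.10-30sv would correctly sort after 10.2.0.5-29sv; a malformed version string raises rather than being silently treated as patched.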