AUSCERT Security Bulletin
SonicWall Confirms SMA 100 Series 10.X Zero-Day Vulnerability
5 February 2021
AusCERT Security Bulletin Summary
Product: SMA 200
Operating System: Network Appliance
Impact/Access: Administrator Compromise -- Remote/Unauthenticated
CVE Names: CVE-2021-20016
Revision History: February 5 2021: Firmware update fixing vulnerability made available
                  February 2 2021: Initial Release
SonicWall's SMA100 appliances running build version 10.x are vulnerable to
improper SQL command neutralization (SQL injection).
The vendor has provided the following details regarding this issue:
"A vulnerability resulting in improper SQL command neutralization in the
SonicWall SSLVPN SMA100 product allows remote exploitation for credential
access by an unauthenticated attacker. This vulnerability impacts SMA100
build version 10.x"
"CVSS v3 9.8
CVSS Vector CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
"Affected SMA 100 devices with 10.x firmware that require the critical patch
- Physical Appliances: SMA 200, SMA 210, SMA 400, SMA 410
- Virtual Appliances: SMA 500v (Azure, AWS, ESXi, HyperV)"
SonicWall has announced "the availability of an SMA 100 series firmware
10.2.0.5-29sv update to patch a zero-day vulnerability on SMA 100 series
10.x code. All SMA 100 series users must apply this patch IMMEDIATELY to
avoid potential exploitation", together with recommended upgrade steps and
additional background and details.
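To help operators confirm which appliances in an inventory still need the 10.2.0.5-29sv firmware, here is an added Python example (not SonicWall's or AusCERT's code). It assumes the vendor version string `10.2.0.5-29sv` compares numerically field by field and that any 10.x build below the fixed one is unpatched; the inventory is constructed, not real hosts.

```python
import re

# Fixed firmware named in the bulletin. Assumption: the patch is cumulative,
# so any 10.x build numerically below it is treated as unpatched.
FIXED_FIRMWARE = "10.2.0.5-29sv"

# Affected models as listed by the vendor in the bulletin.
AFFECTED_MODELS = {"SMA 200", "SMA 210", "SMA 400", "SMA 410", "SMA 500v"}

_VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)\.(\d+)(?:-(\d+)sv)?$")


def parse_firmware(version: str) -> tuple:
    """Turn '10.2.0.5-29sv' into (10, 2, 0, 5, 29) so builds compare numerically.

    A missing '-NNsv' build suffix is treated as build 0 (assumption).
    """
    m = _VERSION_RE.match(version.strip())
    if not m:
        raise ValueError(f"unrecognised SMA firmware version: {version!r}")
    major, minor, rev, patch, build = m.groups()
    return (int(major), int(minor), int(rev), int(patch), int(build or 0))


def assess(model: str, firmware: str) -> str:
    """Classify one appliance against CVE-2021-20016 per the bulletin.

    'patched'      - affected model, 10.x at or above the fixed build
    'vulnerable'   - affected model, 10.x below the fixed build
    'out-of-scope' - model or firmware train the bulletin does not cover
    """
    if model not in AFFECTED_MODELS:
        return "out-of-scope"
    ver = parse_firmware(firmware)
    if ver[0] != 10:
        return "out-of-scope"  # the bulletin only speaks to 10.x code
    return "patched" if ver >= parse_firmware(FIXED_FIRMWARE) else "vulnerable"


# Constructed inventory (hypothetical hosts and versions), as an asset
# database might export it: (hostname, model, firmware).
INVENTORY = [
    ("vpn-syd-01", "SMA 410", "10.2.0.2-20sv"),
    ("vpn-mel-01", "SMA 500v", "10.2.0.5-29sv"),
    ("vpn-bne-01", "SMA 200", "9.0.0.10-28sv"),
    ("vpn-per-01", "OTHER-APPLIANCE", "10.2.0.1-19sv"),
]


def vulnerable_hosts(inventory=INVENTORY) -> list:
    """Hostnames that still need the 10.2.0.5-29sv firmware applied."""
    return [host for host, model, fw in inventory
            if assess(model, fw) == "vulnerable"]
```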
SonicWall has provided the following recommendations:
"1) Enable multifactor authentication (MFA) as a safety measure.
- MFA is an invaluable safeguard against credential theft and is a key measure
of good security posture.
- MFA is effective whether it is enabled on the appliance directly or on the
directory service in your organization.
2) Enable WAF on SMA100.
3) Reset the passwords for any users who may have logged into the device
via the web interface."
References:
  CONFIRMED ZERO-DAY VULNERABILITY IN THE SONICWALL SMA100 BUILD
  Urgent Security Notice: NetExtender VPN Client 10.X, SMA 100 Series
  SonicWall SMA 100 Series - Security Best Practice Guide
AusCERT has made every effort to ensure that the information contained
in this document is accurate. However, the decision to use the information
described is the responsibility of each user or organisation. The decision to
follow or act on information or advice contained in this security bulletin is
the responsibility of each user or organisation, and should be considered in
accordance with your organisation's site policies and procedures. AusCERT
takes no responsibility for consequences which may arise from following or
acting on information or advice contained in this security bulletin.
Australian Computer Emergency Response Team
The University of Queensland
Internet Email: email@example.com
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.