What Happened?
Multiple bugs were discovered in SonicWall’s Secure Mobile Access (SMA) 100 Series VPN appliances. These bugs range from medium to critical, with more severe flaws enabling an unauthenticated user to execute code as a “nobody” user.
These vulnerabilities affect SonicWall SMA 200, 210, 400, 410, and 500v appliances even with the web application firewall (WAF) enabled. The SMA 100 Series is intended to provide secure access to data center, cloud, and SaaS resources from a single portal.
A summary of the discovered bugs is below:
CVE | Description | CVSS Score | Who Reported It? |
---|---|---|---|
CVE-2021-20038 | Unauthenticated Stack-based Buffer Overflow | 9.8 High | Rapid7 |
CVE-2021-20039 | Authenticated Command Injection Vulnerability as Root | 7.2 High | Rapid7 |
CVE-2021-20040 | Unauthenticated File Upload Path Traversal Vulnerability | 6.5 Medium | Rapid7, NCCGroup |
CVE-2021-20041 | Unauthenticated CPU Exhaustion Vulnerability | 7.5 High | Rapid7 |
CVE-2021-20042 | Unauthenticated “Confused Deputy” Vulnerability | 6.3 Medium | Rapid7 |
CVE-2021-20043 | getBookmarks Heap-based Buffer Overflow | 8.8 High | NCCGroup |
CVE-2021-20044 | Post-Authentication Remote Code Execution (RCE) | 7.2 High | NCCGroup |
CVE-2021-20045 | Multiple Unauthenticated File Explorer Heap-based and Stack-based Buffer Overflows | 9.4 High | NCCGroup |
How Bad is This?
There are multiple bugs in the SonicWall SMA 100 series appliances, and they range in severity. Less severe bugs enable threat actors to upload files to a directory in the appliance after exploiting the bug. While there are no public exploits available yet for these bugs, it is only a matter of time until there are.
In April 2021, there were reports of a ransomware variant FiveHands using a vulnerability in the SMA product to deploy attacks.
However, the more noteworthy bugs, which include CVE-2021-20038, CVE-2021-20039 and CVE-2021-20045, have serious consequences.
The most severe is CVE-2021-20038, which was rated a CVSS score of 9.8 and enables a threat actor to enter as root and perform actions such as enabling and disabling security policies and access privileges. CVE-2021-20045 is similar to CVE-2021-20038 in that it is a group of heap- and stack-based buffer overflow bugs that allow remote code execution (RCE) as root.
CVE-2021-20039 is perhaps the most dangerous if left unpatched because it enables an authenticated threat actor to take over remote devices by injecting arbitrary commands as a root user.
What Should I Do?
We recommend that you immediately update your SMA 100 appliances with the most recent patch. There have been reports of this patch causing issues with registration after it is applied, so we recommend backing up and saving your configuration prior to patching.
If you cannot patch, you should disable access from the internet to your SMA 100 until you can.
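As an added example that is not part of the original post or of Blumira's own tooling, the script below shows how a defender could verify, from firewall logs, whether an SMA 100 appliance is actually reachable from the internet, both to confirm exposure before patching and to confirm that the "disable access from the internet" workaround took effect. The log format, the appliance addresses, the port list and the set of internal address ranges are all assumptions made for this example; the sample log lines are constructed.

```python
import ipaddress
import re
from collections import Counter

# Assumed internal ranges (RFC 1918). Anything outside these is treated as
# "internet" for the purpose of this exposure check. Documentation ranges such
# as 203.0.113.0/24 are deliberately NOT listed so they act as external sources.
INTERNAL_NETWORKS = [
    ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")
]

# Assumed addresses of the SMA 100 appliances and the ports their portal listens on.
SMA_APPLIANCES = {"192.168.50.10", "192.168.50.11"}
SMA_PORTS = {443, 8443}

# Hypothetical syslog-style firewall record layout assumed for this example.
LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<fw>\S+) (?P<action>ACCEPT|DROP) "
    r"src=(?P<src>[\d.]+):(?P<sport>\d+) dst=(?P<dst>[\d.]+):(?P<dport>\d+) "
    r"proto=(?P<proto>\w+)$"
)

# Constructed sample log lines (not real traffic).
SAMPLE_LOGS = """\
2021-12-09T10:01:12Z fw1 ACCEPT src=203.0.113.25:51234 dst=192.168.50.10:443 proto=tcp
2021-12-09T10:01:15Z fw1 ACCEPT src=10.20.30.40:40001 dst=192.168.50.10:443 proto=tcp
2021-12-09T10:02:03Z fw1 ACCEPT src=198.51.100.7:3389 dst=192.168.50.10:443 proto=tcp
2021-12-09T10:02:10Z fw1 DROP src=198.51.100.99:5555 dst=192.168.50.10:443 proto=tcp
2021-12-09T10:03:44Z fw1 ACCEPT src=172.16.5.5:22222 dst=192.168.50.11:443 proto=tcp
2021-12-09T10:03:50Z fw1 ACCEPT src=203.0.113.80:44444 dst=192.168.50.20:443 proto=tcp
this line is malformed and must be skipped
2021-12-09T10:04:00Z fw1 ACCEPT src=203.0.113.25:51299 dst=192.168.50.10:8443 proto=tcp
"""


def parse_line(line):
    """Parse one firewall record; return a dict or None for unparseable lines."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["sport"] = int(rec["sport"])
    rec["dport"] = int(rec["dport"])
    return rec


def is_internal(ip_text):
    """True when the address falls inside one of the assumed internal ranges."""
    ip = ipaddress.ip_address(ip_text)
    return any(ip in net for net in INTERNAL_NETWORKS)


def find_internet_exposure(log_text):
    """Return the ACCEPTed connections from non-internal sources to an SMA portal port."""
    hits = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None or rec["action"] != "ACCEPT":
            continue
        if rec["dst"] not in SMA_APPLIANCES or rec["dport"] not in SMA_PORTS:
            continue
        if is_internal(rec["src"]):
            continue
        hits.append(rec)
    return hits


def exposure_by_source(log_text):
    """Count flagged connections per external source address."""
    return Counter(rec["src"] for rec in find_internet_exposure(log_text))


if __name__ == "__main__":
    for rec in find_internet_exposure(SAMPLE_LOGS):
        print(f"{rec['ts']} external {rec['src']} -> {rec['dst']}:{rec['dport']} was ACCEPTED")
    print(exposure_by_source(SAMPLE_LOGS))
```

Run it against a real export by replacing SAMPLE_LOGS with the file contents after adjusting LINE_RE to your firewall's format; an empty result after the block rule is in place is the evidence that the workaround is effective. Only ACCEPTed connections are counted, so a DROP from the same external source is correctly treated as the control working.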
How Blumira Can Help
Blumira detects and alerts you about suspicious behavior in your environment so that you can stop an incident early enough to prevent damage. Each finding we send is accompanied with a security playbook, giving you clear recommendations on how to remediate an attack. Our support team of security analysts is always available to answer questions on how to interpret a finding, or for other security help.
Blumira’s free trial is easy to deploy; IT and security teams can start seeing immediate security value for their organizations.
Sign up for a free trial to start detecting and mitigating exposure related to VPN vulnerabilities.
Matthew Warner
Matthew Warner is Chief Technology Officer (CTO) and co-founder of Blumira. Matt brings nearly two decades of IT and cybersecurity experience to his leadership position, and a genuine passion for cybersecurity education. Prior to founding Blumira, he was Director of Security Services at NetWorks Group, a managed...