SonicWall has addressed a critical security vulnerability, tracked as CVE-2021-20034, that impacting several Secure Mobile Access (SMA) 100 series products. The vulnerability is an improper access control vulnerability that can be exploited by a remote, unauthenticated attacker to gain admin access on targeted devices.
“An improper access control vulnerability in SMA100 allows a remote unauthenticated attacker to bypass the path traversal checks and delete an arbitrary file potentially resulting in a reboot to factory default settings.” reads the advisory published by SonicWall.
Affected products are:
The company did not provide mitigations for this issue, the good news is that it is not aware of attacks in the wild exploiting the flaw.
SonicWall urges organizations using SMA 100 series appliances to immediately install the latest firmware versions that addresses the the above vulnerability.
(SecurityAffairs – hacking, SonicWall)