SonicWall's Secure Mobile Access (SMA) 100-Series solution provides secure end-to-end remote access to enterprise resources hosted in on-premise, cloud and hybrid data centers. SonicWall is now urging users of its SMA 100-Series devices to patch. Security researchers have found two critical vulnerabilities in the firmware, for which the manufacturer is providing security updates.
In its December 9, 2021 Security Notice, the vendor announced that it has reviewed and patched critical and moderate severity vulnerabilities (CVSS 5.3-9.8) in the SMA 100-Series appliances, which include the SMA 200, 210, 400, 410 and 500v products. SMA 100-series appliances with WAF enabled are also affected by most of these vulnerabilities. The following vulnerabilities are listed on this web page:

| Issue ID | Reporting Party | CVE | CVSS | Summary |
|---|---|---|---|---|
| SMA-3217 | Rapid7 | CVE-2021-20038 | 9.8 | Unauthenticated Stack-Based Buffer Overflow |
| SMA-3204 | Rapid7 | CVE-2021-20039 | 7.2 | Authenticated Command Injection |
| SMA-3206 | Rapid7, NCCGroup | CVE-2021-20040 | 6.5 | Unauthenticated File Upload Path Traversal |
| SMA-3207 | Rapid7 | CVE-2021-20041 | 7.5 | Unauthenticated CPU Exhaustion |
| SMA-3208 | Rapid7 | CVE-2021-20042 | 6.3 | Unauthenticated Confused Deputy |
| SMA-3231 | NCCGroup | CVE-2021-20043 | 8.8 | Heap-Based Buffer Overflow |
| SMA-3233 | NCCGroup | CVE-2021-20044 | 7.2 | Post-Authentication Remote Command Execution |
| SMA-3235 | NCCGroup | CVE-2021-20045 | 9.4 | Multiple Unauthenticated Heap-Based and Stack-Based Buffer Overflow |

Critical vulnerabilities CVE-2021-20038 (CVSS 9.8) and CVE-2021-20045 (CVSS 9.4) in the SMA 100 appliances could allow an unauthenticated attacker to cause a stack-based buffer overflow. CVE-2021-20038 arises because, when handling the GET method, the Apache httpd server of the SonicWall SMA SSLVPN builds the environment variables of the mod_cgi module in a single stack-based buffer using `strcat`. This allows remote attackers to trigger a stack-based buffer overflow that would lead to code execution.
Both vulnerabilities allow code execution on the SMA 100 appliance as the `nobody` user. SMA 100 users with WAF enabled are also affected by this vulnerability. There is no evidence yet that the vulnerabilities listed in the table above are being exploited in the wild. SonicWall strongly recommends that organizations follow the instructions to patch the SMA 100 series products. The linked page also lists the details of the remaining vulnerabilities from the table above. It should not be long before these vulnerabilities are exploited by cybercriminals.
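
The `strcat` pattern described above for CVE-2021-20038, as an added example in C that is not SonicWall's code and is not taken from the advisory: an unbounded append into a fixed buffer next to a length-checked one. The function names, the `name=value\n` layout and the buffer sizes are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Unsafe pattern (constructed, not SonicWall's code): strcat() is never told
 * how large dst is, so a long request-derived value runs past its end. */
void env_append_unsafe(char *dst, const char *name, const char *value)
{
    strcat(dst, name);
    strcat(dst, "=");
    strcat(dst, value);
    strcat(dst, "\n");
}

/* Bounded form: appends "name=value\n" only if it fits in dst[cap], including
 * the terminating NUL. Returns 0 on success, -1 on rejection (dst unchanged). */
int env_append_checked(char *dst, size_t cap, const char *name, const char *value)
{
    const char *end = memchr(dst, '\0', cap);   /* dst must be terminated */
    if (end == NULL)
        return -1;
    size_t used = (size_t)(end - dst);
    size_t room = cap - used - 1;               /* bytes free before the NUL */
    size_t nlen = strlen(name), vlen = strlen(value);

    /* Subtractive checks so nlen + vlen + 2 can never wrap around. */
    if (nlen > room || vlen > room - nlen || room - nlen - vlen < 2)
        return -1;

    char *p = dst + used;
    memcpy(p, name, nlen);   p += nlen;
    *p++ = '=';
    memcpy(p, value, vlen);  p += vlen;
    *p++ = '\n';
    *p = '\0';
    return 0;
}

int main(void)
{
    char env[64] = "";                 /* size chosen for the demo */
    char long_query[512];              /* constructed oversized input */
    memset(long_query, 'A', sizeof long_query - 1);
    long_query[sizeof long_query - 1] = '\0';

    printf("method: %d\n", env_append_checked(env, sizeof env, "REQUEST_METHOD", "GET"));
    printf("query:  %d\n", env_append_checked(env, sizeof env, "QUERY_STRING", long_query));
    printf("%s", env);
    return 0;
}
```

A caller that gets `-1` back should reject the request instead of truncating the value, so that downstream code never sees a partial variable.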