SonicWall Releases Security Advisory for SMA 100 Series Appliances
SonicWall has released a security advisory to address vulnerabilities affecting SonicWall Secure Mobile Access (SMA) 100 series appliances.
A remote attacker could exploit these vulnerabilities to take control of an affected system.
SMA 100 series appliances provide an organization’s employees with remote access to internal resources.
SonicWall has verified and patched vulnerabilities of critical and medium severity (CVSS 5.3-9.8) in SMA 100 series appliances, which include SMA 200, 210, 400, 410 and 500v products. SMA 100 series appliances with WAF enabled are also impacted by the majority of these vulnerabilities.
Details for each patch can be found in PSIRT Advisory SNWLID-2021-0026.
SonicWall strongly urges that organizations follow the guidance below to patch SMA 100 series products, which include SMA 200, 210, 400, 410 and 500v appliances.
| Summary | CVSS Score | Impacted Firmware | Fixed Firmware | CVE |
|---|---|---|---|---|
| Unauthenticated Stack-based Buffer Overflow | 9.8 High | 10.2.1.0-17sv (and earlier) | 10.2.1.3-27sv | CVE-2021-20038 |
| Authenticated Command Injection Vulnerability as Root | 7.2 High | 9.0.0.11-31sv* (and earlier) | 10.2.0.9-41sv, 10.2.1.3-27sv | CVE-2021-20039 |
| Unauthenticated File Upload Path Traversal Vulnerability | 6.5 Medium | 10.2.0.8-37sv (and earlier) | 10.2.0.9-41sv, 10.2.1.3-27sv | CVE-2021-20040 |
| Unauthenticated CPU Exhaustion Vulnerability | 7.5 High | 9.0.0.11-31sv* | 10.2.0.9-41sv, 10.2.1.3-27sv | CVE-2021-20041 |
| Unauthenticated “Confused Deputy” Vulnerability | 6.3 Medium | 9.0.0.11-31sv* (and earlier) | 10.2.0.9-41sv, 10.2.1.3-27sv | CVE-2021-20042 |
| getBookmarks Heap-based Buffer Overflow | 8.8 High | 10.2.0.8-37sv (and earlier) | 10.2.0.9-41sv, 10.2.1.3-27sv | CVE-2021-20043 |
| Post-Authentication Remote Code Execution (RCE) | 7.2 High | 10.2.0.8-37sv (and earlier) | 10.2.0.9-41sv, 10.2.1.3-27sv | CVE-2021-20044 |
| Multiple Unauthenticated File Explorer Heap-based and Stack-based Buffer Overflows | 9.4 High | 10.2.0.8-37sv (and earlier) | 10.2.0.9-41sv, 10.2.1.3-27sv | CVE-2021-20045 |
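The practical use of the table above is inventory triage: for each SMA 100 appliance you operate, decide whether its firmware is at or above a fixed build, at or below a listed impacted build, or somewhere the table does not cover. The script below is an added example, not SonicWall tooling or part of the advisory; the CVE data is transcribed from the table on this page, while the version-string format (`release-buildsv`), the branch rule (a fix only counts on the same `major.minor.patch` branch) and the three-way verdict are assumptions of the example.

```python
import re

# Added example: triage SMA 100 firmware versions against the advisory table.
# Version strings such as "10.2.1.3-27sv" are assumed to be
# four dotted release numbers, a dash, a build number and an "sv" suffix;
# a trailing "*" (the table's footnote marker) is tolerated and ignored.
_VERSION_RE = re.compile(r"^(\d+(?:\.\d+){3})-(\d+)sv\*?$")


def parse_version(text):
    """Turn '10.2.1.3-27sv' into a comparable tuple (10, 2, 1, 3, 27)."""
    m = _VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised SMA firmware version: {text!r}")
    release = tuple(int(part) for part in m.group(1).split("."))
    return release + (int(m.group(2)),)


def branch(version):
    """Maintenance branch, e.g. (10, 2, 1) for 10.2.1.3-27sv (assumption)."""
    return version[:3]


# Transcribed from the table on this page: CVE -> (impacted builds, fixed builds).
# Impacted builds are treated as "(and earlier)" ceilings for every row.
ADVISORY = {
    "CVE-2021-20038": (["10.2.1.0-17sv"], ["10.2.1.3-27sv"]),
    "CVE-2021-20039": (["9.0.0.11-31sv"], ["10.2.0.9-41sv", "10.2.1.3-27sv"]),
    "CVE-2021-20040": (["10.2.0.8-37sv"], ["10.2.0.9-41sv", "10.2.1.3-27sv"]),
    "CVE-2021-20041": (["9.0.0.11-31sv"], ["10.2.0.9-41sv", "10.2.1.3-27sv"]),
    "CVE-2021-20042": (["9.0.0.11-31sv"], ["10.2.0.9-41sv", "10.2.1.3-27sv"]),
    "CVE-2021-20043": (["10.2.0.8-37sv"], ["10.2.0.9-41sv", "10.2.1.3-27sv"]),
    "CVE-2021-20044": (["10.2.0.8-37sv"], ["10.2.0.9-41sv", "10.2.1.3-27sv"]),
    "CVE-2021-20045": (["10.2.0.8-37sv"], ["10.2.0.9-41sv", "10.2.1.3-27sv"]),
}


def status(installed, impacted, fixed):
    """Verdict for one appliance against one table row."""
    v = parse_version(installed)
    fixed_v = [parse_version(f) for f in fixed]
    # Same branch and at or above a fixed build: the patch is present.
    if any(branch(v) == branch(f) and v >= f for f in fixed_v):
        return "patched"
    # At or below a listed impacted build: the table says it is affected.
    if any(v <= parse_version(i) for i in impacted):
        return "impacted"
    # Anything else (for example a build between the listed ceiling and the
    # fix on its branch) is not stated by the table: hand it to a human.
    return "review"


def triage(installed):
    """Map every CVE in the table to patched/impacted/review for one version."""
    return {cve: status(installed, imp, fix) for cve, (imp, fix) in ADVISORY.items()}


def needs_attention(installed):
    """True unless every row of the table reports the version as patched."""
    return any(s != "patched" for s in triage(installed).values())


if __name__ == "__main__":
    # Constructed inventory for demonstration; these are not real appliances.
    inventory = [("sma-hq", "10.2.1.3-27sv"), ("sma-dc2", "10.2.0.8-37sv"),
                 ("sma-lab", "9.0.0.11-31sv*")]
    for host, firmware in inventory:
        flag = "ATTENTION" if needs_attention(firmware) else "ok"
        print(f"{host:8} {firmware:16} {flag}: {triage(firmware)}")
```

The "review" verdict is deliberate: a build that is newer than the listed impacted ceiling but older than the fixed build on its branch is not described by the table, and a checker that silently calls it either safe or vulnerable would be guessing. Treat "impacted" and "review" alike in an asset list, i.e. as devices to upgrade per the advisory, and keep the fixed-build list as the only source of a clean verdict.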

Duncan is a technology professional with over 20 years' experience working in various IT roles. He has an interest in cyber security, and has a wide range of other skills in radio, electronics and telecommunications.