Rewterz

Rewterz Threat Advisory – CVE-2021-29785 – IBM Security SOAR Vulnerability

January 25, 2022
Rewterz

Rewterz Threat Advisory – CVE-2022-23437 – Apache Xerces2 Java XML Parser Vulnerability

January 25, 2022

Rewterz Threat Update – Critical SonicWall RCE Bug Actively Targeted by Threat Actors

Severity

High

Analysis Summary

A critical severity vulnerability impacting SonicWall’s Secure Mobile Access (SMA) gateways. addressed last month, is now targeted in ongoing exploitation attempts. The bug, found by Security Researcher Jacob Baines, is an unauthenticated stack-based cradle flood followed as CVE-2021-20038 that impacts SMA 100 series apparatuses (counting SMA 200, 210, 400, 410, and 500v) in any event, when the web application firewall (WAF) is empowered. 
Successful exploitation can let remote unauthenticated assailants execute code as the ‘no one’ client in compromised SonicWall machines. 


“Some attempts on CVE-2021-20038 (SonicWall SMA RCE). Also some password spraying of default passwords from the past few days. Remember to update AND change the default password,”

For example, the CVE-2021-20016 SMA 100 zero-day was utilized to convey FiveHands ransomware beginning with January 2021 when it was additionally taken advantage of in assaults against SonicWall’s inner frameworks. Prior to being fixed fourteen days after the fact, toward the beginning of February 2021, a similar defect was likewise manhandled unpredictably in the wild.

CVE-2021-20016 

SonicWall SSLVPN SMA100 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to access username passwords and other session-related information.

Impact

  • Data Manipulation
  • Information Theft
  • Buffer Overflow

Affected Vendors

  • Sonicwall

Affected Products

  • SonicWall SMA100 appliance 10.2.0.2-20sv

Remediation

Refer to SonicWall Security Advisory for patch, upgrade or suggested workaround information.

https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0001

Reading this advisory was a good start.

Make it a habit.

Rewterz publishes threat advisories ahead of mainstream cybersecurity media, informed by an AI-Native Autonomous SOC that sees regional threat actor activity in real time. Subscribe to receive each new advisory as it publishes, plus a monthly Middle East threat landscape brief drawn from our own SOC telemetry. For teams evaluating their detection coverage, a 30-minute consultation with a senior analyst is also available, at your pace, when you're ready.