Rewterz Threat Update – Critical SonicWall RCE Bug Actively Targeted by Threat Actors

Severity

High

Analysis Summary

A critical-severity vulnerability impacting SonicWall’s Secure Mobile Access (SMA) gateways, addressed last month, is now being targeted in ongoing exploitation attempts. The bug, found by security researcher Jacob Baines, is an unauthenticated stack-based buffer overflow tracked as CVE-2021-20038 that impacts SMA 100 series appliances (including SMA 200, 210, 400, 410, and 500v) even when the web application firewall (WAF) is enabled.
Successful exploitation can let remote unauthenticated attackers execute code as the ‘nobody’ user on compromised SonicWall appliances.


“Some attempts on CVE-2021-20038 (SonicWall SMA RCE). Also some password spraying of default passwords from the past few days. Remember to update AND change the default password,”

For example, the CVE-2021-20016 SMA 100 zero-day was used to deploy FiveHands ransomware starting in January 2021, when it was also exploited in attacks against SonicWall’s internal systems. Before it was patched two weeks later, in early February 2021, the same flaw was also abused indiscriminately in the wild.

CVE-2021-20016 

SonicWall SSLVPN SMA100 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to access username passwords and other session-related information.

Impact

  • Data Manipulation
  • Information Theft
  • Buffer Overflow

Affected Vendors

  • SonicWall

Affected Products

  • SonicWall SMA100 appliance 10.2.0.2-20sv

Remediation

Refer to SonicWall Security Advisory for patch, upgrade or suggested workaround information.

https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0001