SonicWall has released a security advisory warning users of a critical flaw affecting some of its Secure Mobile Access (SMA) 100 series appliances. The vulnerability, tracked as CVE-2021-20034, could allow a remote unauthenticated attacker to delete arbitrary files from the targeted appliance and gain administrator access to the device.
“The vulnerability is due to an improper limitation of a file path to a restricted directory potentially leading to arbitrary file deletion as ‘nobody’. There is no evidence that this vulnerability is being exploited in the wild,” researchers explained.
The critical flaw has received a score of 9.1 out of 10 on the CVSS severity scale. The affected products are SMA 100, 200, 210, 400, 410, and 500v. As there are no temporary mitigations, SonicWall recommends that impacted users apply the applicable patches as soon as possible.
Since the start of 2021, SonicWall SMA 100 series appliances have been targeted multiple times by ransomware gangs, with the end goal of moving laterally into the victim organization's network.
Earlier, a threat group that Mandiant tracks as UNC2447 exploited the CVE-2021-20016 zero-day bug in SonicWall SMA 100 series VPN appliances to deploy a new ransomware strain known as FiveHands. Their attacks targeted multiple North American and European organizations before SonicWall released patches in late February 2021. A similar zero-day flaw was also abused in January in attacks targeting SonicWall's internal systems and was later exploited indiscriminately in the wild.
In July of this year, SonicWall warned of an increased threat of ransomware attacks targeting unpatched end-of-life (EoL) SMA 100 series and Secure Remote Access (SRA) devices. Security researchers at CrowdStrike and CISA added to SonicWall's warning, saying that the ransomware campaign was ongoing.
The latest updates for SMA 100 series products also address two medium-severity flaws: one that can lead to privilege escalation to root, and one that can be abused for authenticated arbitrary code injection and DoS attacks.
SonicWall recently revealed that its products are used by more than half a million customers in over 215 countries and territories worldwide. Many of them are deployed on the networks of the world’s largest organizations, businesses, and government agencies.