SonicWall Patches Critical Flaw in SMA 100 Products

This article has been indexed from E Hacking News – Latest Hacker News and IT Security News

 

SonicWall has released a security advisory warning users about a critical flaw affecting some of its Secure Mobile Access (SMA) 100 appliances. The vulnerability, tracked as CVE-2021-20034, could allow a remote unauthenticated attacker to delete arbitrary files from the targeted appliance and gain administrator access to the device.

“The vulnerability is due to an improper limitation of a file path to a restricted directory potentially leading to arbitrary file deletion as ‘nobody’. There is no evidence that this vulnerability is being exploited in the wild,” researchers explained. 

The critical flaw has received a score of 9.1 out of 10 on the CVSS scale of severity. The affected products are SMA 100, 200, 210, 400, 410, and 500v. As there are no temporary mitigations, SonicWall recommends that impacted users apply the applicable patches as soon as possible.

Since the start of 2021, SonicWall SMA 100 series appliances have been targeted multiple times by ransomware gangs, with the end goal of moving laterally into the targeted organization's network.

Earlier, a threat group Mandiant tracked as UNC2447 exploited the CVE-2021-20016 zero-day bug in SonicWall SMA 100

[…]