Critical SonicWall NAC Vulnerability Stems from Apache Mods

Researchers offer more detail on the bug, which can allow attackers to completely take over targets.

Rapid7 has offered up more details on a SonicWall critical flaw that allows for unauthenticated remote code execution (RCE) on affected devices, noting that it arises from tweaks that the vendor made to the Apache httpd server.

The bug (CVE-2021-20038) is one of five vulnerabilities discovered in its series of popular network access control (NAC) system products.

In October, Rapid7 lead security researcher Jake Baines discovered the flaws in Sonic Wall’s Secure Mobile Access (SMA) 100 series of devices, which includes SMA 200, 210, 400, 410 and 500v, he wrote in a report published Tuesday.

Sonic Wall’s SMA 100 line provides end-to-end secure remote access to corporate resources, whether they are hosted on-premise, in the cloud or in hybrid data centers. The suite also offers policy-enforced access control for corporate users to applications after establishing user and device identity and trust.

CVE-2021-20038 is the most critical of the flaws, with a rating of 9.8 on the Common Vulnerability Scoring System (CVSS). It’s a stack buffer overflow vulnerability that an attacker can exploit to gain complete control of a device or

Read More: