Critical SonicWall RCE Bug Actively Targeted by Threat Actors

A critical SonicWall RCE bug is now on the radar of hackers, who are massively trying to exploit it. The vulnerability affects SonicWall's Secure Mobile Access (SMA) gateways; the company addressed it in December 2021, and it was assigned CVE-2021-20038.

More Details about the SonicWall RCE Bug

Security researcher Jacob Baines from Rapid7 identified this vulnerability, which can be described as an unauthenticated stack-based buffer overflow. The impacted appliances are the SMA 100 series, including SMA 200, 210, 400, 410, and 500v. The bug affects these appliances whether or not the web application firewall (WAF) is enabled.

The danger posed by this vulnerability is that successful exploitation by threat actors leads to code execution on the compromised appliances.

Recently, Richard Warren from NCC Group tweeted about this matter, underlining the vulnerability's massive exploitation by threat actors. It seems that they are also conducting brute-force attacks by password spraying default passwords.

Some attempts itw on CVE-2021-20038 (SonicWall SMA RCE). Also some password spraying of default passwords

