SMA 100 flaws in SonicWall VPN expose devices to remote takeover

If exploited, an unauthenticated, remote attacker can execute code as a “nobody user” in the device meaning attacker would get root access and gain full control of the device.

SonicWall, a renowned network security vendor is urging users to immediately update their SMA 100 [PDF] series devices with the latest version after detecting multiple security flaws.

Reportedly, exploiting these flaws, an unauthenticated, remote attacker can easily take complete control of the device as they would achieve root-level RCE. Successful exploitation can allow an attacker to execute arbitrary code, modify/delete files in certain directories, upload specially designed payloads, reboot the system remotely, exhaust the device’s CPU, bypass firewall rules.

Read: SonicWall hacked after 0-day flaws exploited by hackers

The San Jose-based SonicWall revealed that the flaws were discovered and reported by Rapid7’s Jake Baines and NCC Group’s Richard Warren.

What is SMA 100 Series

SonicWall’s Secure Mobile Access (SMA) 100-series VPN appliances provide end-to-end secure remote access to corporate networks and could be hosted on cloud, on-premise, and hybrid data centers. After establishing device/user identity and trust, the devices offer policy-enforced access control to apps after establishing device/user identity and trust.

About the Bugs

According to the company,

Read More: