SonicWall has verified and patched vulnerabilities of critical and medium severity (CVSS 5.3-9.8) in SMA 100 series appliances, which include SMA 200, 210, 400, 410 and 500v products. SMA 100 series appliances with WAF enabled are also impacted by the majority of these vulnerabilities.
IMPORTANT: There is no evidence that these vulnerabilities are being exploited in the wild.
Details for each patch can be found in PSIRT Advisory SNWLID-2021-0026.
SonicWall strongly urges that organizations follow the guidance below to patch SMA 100 series products, which include SMA 200, 210, 400, 410 and 500v appliances.
TEMPORARY MITIGATIONS
There are no temporary mitigations. SonicWall urges impacted customers to implement applicable patches as soon as possible.
RESOLUTION
Organizations using SMA 100 series appliances should immediately log in to MySonicWall.com to upgrade their appliances to the patched firmware versions outlined below. For upgrade assistance, please reference the KB article, “How to Upgrade Firmware on SMA 100 Series Appliances” or contact SonicWall support.
Impacted Platform: SMA 100 Series (SMA 200, 210, 400, 410, 500v on ESX, Hyper-V, KVM, AWS, Azure)

| ISSUE ID | Summary | CVSS Score | Impacted Firmware | Fixed Firmware | CVE |
|---|---|---|---|---|---|
| SMA-3217 | Unauthenticated Stack-based Buffer Overflow | 9.8 High | 10.2.1.0-17sv (and earlier) | 10.2.1.3-27sv | CVE-2021-20038 |
| SMA-3217 | Unauthenticated Stack-based Buffer Overflow | 9.8 High | 10.2.1.1-19sv (and earlier) | 10.2.1.3-27sv | CVE-2021-20038 |
| SMA-3217 | Unauthenticated Stack-based Buffer Overflow | 9.8 High | 10.2.1.2-24sv (and earlier) | 10.2.1.3-27sv | CVE-2021-20038 |
| SMA-3204 | Authenticated Command Injection Vulnerability as Root | 7.2 High | 9.0.0.11-31sv* (and earlier) | 10.2.0.9-41sv | CVE-2021-20039 |
| SMA-3204 | Authenticated Command Injection Vulnerability as Root | 7.2 High | 10.2.0.8-37sv (and earlier) | 10.2.0.9-41sv | CVE-2021-20039 |
| SMA-3204 | Authenticated Command Injection Vulnerability as Root | 7.2 High | 10.2.1.1-19sv (and earlier) | 10.2.1.3-27sv | CVE-2021-20039 |
| SMA-3206 | Unauthenticated File Upload Path Traversal Vulnerability | 6.5 Medium | 10.2.0.8-37sv (and earlier) | 10.2.0.9-41sv | CVE-2021-20040 |
| SMA-3206 | Unauthenticated File Upload Path Traversal Vulnerability | 6.5 Medium | 10.2.1.1-19sv (and earlier) | 10.2.1.3-27sv | CVE-2021-20040 |
| SMA-3207 | Unauthenticated CPU Exhaustion Vulnerability | 7.5 High | 9.0.0.11-31sv* | 10.2.0.9-41sv | CVE-2021-20041 |
| SMA-3207 | Unauthenticated CPU Exhaustion Vulnerability | 7.5 High | 10.2.0.8-37sv (and earlier) | 10.2.0.9-41sv | CVE-2021-20041 |
| SMA-3207 | Unauthenticated CPU Exhaustion Vulnerability | 7.5 High | 10.2.1.1-19sv (and earlier) | 10.2.1.3-27sv | CVE-2021-20041 |
| SMA-3208 | Unauthenticated "Confused Deputy" Vulnerability | 6.3 Medium | 9.0.0.11-31sv* (and earlier) | 10.2.0.9-41sv | CVE-2021-20042 |
| SMA-3208 | Unauthenticated "Confused Deputy" Vulnerability | 6.3 Medium | 10.2.0.8-37sv (and earlier) | 10.2.0.9-41sv | CVE-2021-20042 |
| SMA-3208 | Unauthenticated "Confused Deputy" Vulnerability | 6.3 Medium | 10.2.1.1-19sv (and earlier) | 10.2.1.3-27sv | CVE-2021-20042 |
| SMA-3231 | getBookmarks Heap-based Buffer Overflow | 8.8 High | 10.2.0.8-37sv (and earlier) | 10.2.0.9-41sv | CVE-2021-20043 |
| SMA-3231 | getBookmarks Heap-based Buffer Overflow | 8.8 High | 10.2.1.1-19sv (and earlier) | 10.2.1.3-27sv | CVE-2021-20043 |
| SMA-3233 | Post-Authentication Remote Code Execution (RCE) | 7.2 High | 10.2.0.8-37sv (and earlier) | 10.2.0.9-41sv | CVE-2021-20044 |
| SMA-3233 | Post-Authentication Remote Code Execution (RCE) | 7.2 High | 10.2.1.1-19sv (and earlier) | 10.2.1.3-27sv | CVE-2021-20044 |
| SMA-3235 | Multiple Unauthenticated File Explorer Heap-based and Stack-based Buffer Overflows | 9.4 High | 10.2.0.8-37sv (and earlier) | 10.2.0.9-41sv | CVE-2021-20045 |
| SMA-3235 | Multiple Unauthenticated File Explorer Heap-based and Stack-based Buffer Overflows | 9.4 High | 10.2.1.1-19sv (and earlier) | 10.2.1.3-27sv | CVE-2021-20045 |
* NOTE: Support for 9.0.0 firmware ended on 10/31/2021. Customers still using that firmware are requested to upgrade to the latest 10.2.x versions.
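To turn the fixed-firmware table above into a fleet check, the following is an added example (not SonicWall's code or tooling) that parses the SMA 100 firmware version format shown in the table (major.minor.patch.build-NNsv), works out which release branch a build belongs to, and compares it with the fixed build for that branch as listed in this advisory. The branch-to-fixed-build mapping and the 9.0.0 end-of-support handling come from the table and note above; the inventory lines, hostnames and the "hostname,version" input format are constructed for the example.

```python
"""Compare SMA 100 series firmware versions against the fixed builds in
SNWLID-2021-0026 (added example; mapping taken from the advisory table)."""
import re
from typing import List, NamedTuple, Optional, Tuple

# Fixed firmware per release branch, as listed in the advisory table.
# A branch is the first three numeric components, e.g. 10.2.1.
FIXED_BY_BRANCH = {
    (10, 2, 1): "10.2.1.3-27sv",
    (10, 2, 0): "10.2.0.9-41sv",
}
# 9.0.0 firmware is end-of-support (10/31/2021); the advisory lists
# 10.2.0.9-41sv as the fixed build for affected 9.0.0.11-31sv appliances
# and asks customers to move to the latest 10.2.x.
EOS_BRANCHES = {(9, 0, 0): "10.2.0.9-41sv"}

# Accepts "10.2.1.1-19sv"; tolerates stray whitespace before the hyphen and a
# trailing footnote asterisk as seen in the advisory's rendering.
_VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)\.(\d+)\s*-(\d+)sv$")


def parse_version(text: str) -> Tuple[int, ...]:
    """Return (major, minor, patch, build, sv) as ints; raises on bad input."""
    m = _VERSION_RE.match(text.strip().rstrip("*"))
    if not m:
        raise ValueError(f"unrecognised SMA firmware version: {text!r}")
    return tuple(int(g) for g in m.groups())


class Assessment(NamedTuple):
    version: str
    status: str  # "patched", "vulnerable", "end-of-support", "unknown-branch"
    upgrade_to: Optional[str]


def assess(version_text: str) -> Assessment:
    """Classify one firmware version against the advisory's fixed builds."""
    v = parse_version(version_text)
    branch = v[:3]
    if branch in FIXED_BY_BRANCH:
        fixed = FIXED_BY_BRANCH[branch]
        # Tuple comparison: anything at or above the fixed build is patched.
        if v >= parse_version(fixed):
            return Assessment(version_text, "patched", None)
        return Assessment(version_text, "vulnerable", fixed)
    if branch in EOS_BRANCHES:
        return Assessment(version_text, "end-of-support", EOS_BRANCHES[branch])
    # Branches the advisory does not list (e.g. newer trains) are not judged
    # here; report them so a human checks the vendor advisory.
    return Assessment(version_text, "unknown-branch", None)


def triage(inventory_lines: List[str]) -> List[Tuple[str, str, Optional[str]]]:
    """Take 'hostname,version' lines and return the hosts that need action."""
    needs_action = []
    for line in inventory_lines:
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        host, _, ver = line.partition(",")
        try:
            result = assess(ver)
        except ValueError:
            # An unparsable version is itself a finding: the inventory is wrong
            # or the appliance reports something unexpected.
            needs_action.append((host, "unparsable", None))
            continue
        if result.status != "patched":
            needs_action.append((host, result.status, result.upgrade_to))
    return needs_action


# Constructed sample inventory (hostnames and versions are made up).
SAMPLE_INVENTORY = [
    "# constructed sample inventory, not real hosts",
    "sma-hq-01,10.2.1.3-27sv",
    "sma-hq-02,10.2.1.1-19sv",
    "sma-branch-01,10.2.0.8-37sv",
    "sma-lab-01,9.0.0.11-31sv",
    "sma-lab-02,not-a-version",
]

if __name__ == "__main__":
    for host, status, upgrade_to in triage(SAMPLE_INVENTORY):
        target = f" -> upgrade to {upgrade_to}" if upgrade_to else ""
        print(f"{host}: {status}{target}")
```

The comparison is branch-aware on purpose: a 10.2.0.x appliance is fixed at 10.2.0.9-41sv, and comparing it against the 10.2.1 fixed build would misreport it. Versions from trains the advisory does not mention are flagged as unknown rather than guessed at.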