Critical Vulnerability in SonicWall Products

Published on 24 Sep 2021

Updated on 24 Sep 2021

SonicWall has released security updates to address a critical vulnerability (CVE-2021-20034) found in their products. This vulnerability may allow an unauthenticated attacker to delete arbitrary files and gain administrator access to devices remotely.

 

This vulnerability affects the following versions of the Secure Mobile Access (SMA) 100 series (SMA 200, 210, 400, 410, 500v):

 

  • 10.2.1.0-17sv and earlier
  • 10.2.0.7-34sv and earlier
  • 9.0.0.10-28sv and earlier

 

Users and administrators of the affected versions are advised to upgrade to the latest product versions immediately.

 

More information is available here:
https://www.sonicwall.com/support/product-notification/security-notice-critical-arbitrary-file-delete-vulnerability-in-sonicwall-sma-100-series-appliances/210819124854603/

https://www.bleepingcomputer.com/news/security/sonicwall-fixes-critical-bug-allowing-sma-100-device-takeover/