CVE-2021-20016: SonicWall SSL-VPN SMA Zero-Day Vulnerability Alert

by ·

On February 4, 2021, SonicWall issued a risk notice for SSL-VPN SMA products, the vulnerability number is CVE-2021-20016. The vulnerability score CVSS v3 is 9.8.

There is a serious program logic error in the SonicWall SSL-VPN SMA100 product, which allows an unauthenticated attacker to construct a SQL query to affect internal authentication, resulting in unauthorized login. The attacker can directly take over the control authority of the corresponding device through the network link without authorization.

Vulnerability Detail

A vulnerability resulting in improper SQL command neutralization in the SonicWall SSLVPN SMA100 product allows remote exploitation for credential access by an unauthenticated attacker. This vulnerability impacts SMA100 build version 10.x.

Affected version

  • SMA100 build version 10.x

Unaffected version

  • SMA100 build version 10.2.0.5-d-29sv

Solution

In this regard, we recommend that users upgrade SonicWall SSL-VPN SMA to the latest version in time.
Temporary repair suggestions

1) Enable multifactor authentication (MFA) as a safety measure.

  – MFA has an invaluable safeguard against credential theft and is a key measure of good security posture.

  – MFA is effective whether it is enabled on the appliance directly or on the directory service in your organization.

2) Enable WAF on SMA100.

3) Reset the passwords for any users who may have logged into the device via the web interface.

Tags: