SonicWall ‘strongly urges’ customers to patch critical SMA 100 bugs


SonicWall ‘strongly urges’ organizations using SMA 100 series appliances to immediately patch them against multiple security flaws rated with CVSS scores ranging from medium to critical.

The bugs (reported by Rapid7’s Jake Baines and NCC Group’s Richard Warren) impact SMA 200, 210, 400, 410, and 500v appliances even when the web application firewall (WAF) is enabled.

The highest severity flaws patched by SonicWall this week are CVE-2021-20038 and CVE-2021-20045, two critical Stack-based buffer overflow vulnerabilities that can let remote unauthenticated attackers execute as the ‘nobody’ user in compromised appliances.

Read more…
Source: Bleeping Computer