SonicWall Releases Critical Patches for Vulnerability in SMA 100 Series Devices

On September 25, 2021, SonicWall, a network security firm, addressed a serious security vulnerability identified in its Secure Mobile Access (SMA) 100 series appliances. This flaw allows remote, unauthorized attackers to gain administrative access to the affected devices. Designated as CVE-2021-20034, the issue involves arbitrary file deletion and has a critical CVSS score of 9.1 out of 10. Exploiting this vulnerability could enable an adversary to bypass path traversal checks, leading to deletion of files and a reset of the device to factory settings. SonicWall indicated that the vulnerability stems from inadequate file path restrictions, potentially allowing arbitrary file deletions. Fortunately, the company noted that there are currently no signs of exploitation in the wild. SonicWall also acknowledged Wenxu Yin of Alpha Lab, Qihoo 360, for reporting this security concern, which affects the SMA 100 Series, including models like SMA 200 and SMA 210.

SonicWall Responds to Critical Security Flaw in SMA 100 Series Devices

On September 25, 2021, SonicWall, a prominent player in the network security landscape, announced that it has issued patches addressing a significant security vulnerability affecting its Secure Mobile Access (SMA) 100 series devices. This flaw, identified as CVE-2021-20034, allows remote and unauthenticated attackers to gain unauthorized administrator access to the affected devices, posing a serious risk to their integrity.

The vulnerability centers around an arbitrary file deletion issue rated 9.1 on the Common Vulnerability Scoring System (CVSS), which ranges from zero to ten. This high rating reflects the potential for attackers to bypass critical path traversal checks, enabling them to delete any file from the system. Such actions could result in the devices reverting to their factory default settings, significantly disrupting operations for organizations that rely on these appliances.

According to SonicWall’s advisory, this vulnerability arises from improper limitations on file paths, which can inadvertently lead to arbitrary deletions executed as the user ‘nobody.’ The advisory explicitly states that there have been no confirmed instances of this vulnerability being exploited in the wild, providing a degree of reassurance for users of the affected devices.
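To illustrate the bug class the advisory names (improper limitation of a file path), here is an added Python example that is not SonicWall's code and makes no claim about how the SMA firmware is written. It contrasts a delete routine that validates the raw path string with one that canonicalises the path before checking it; the directory layout, file names and function names are all constructed for the illustration.

```python
import os
import tempfile

def weak_delete(base, name):
    """Flawed pattern: validates the raw string before '..' is resolved."""
    target = os.path.join(base, name)
    if not target.startswith(base):
        raise PermissionError(name)
    if os.path.isfile(target):
        os.remove(target)
        return True
    return False

def safe_delete(base, name):
    """Canonicalise first, then require the result to sit strictly under base."""
    base_real = os.path.realpath(base)
    target = os.path.realpath(os.path.join(base_real, name))
    if target == base_real or os.path.commonpath([base_real, target]) != base_real:
        raise PermissionError(f"{name!r} resolves outside {base_real}")
    if os.path.isfile(target):
        os.remove(target)
        return True
    return False

def demo():
    """Constructed layout: only files under root/uploads may be deleted."""
    root = tempfile.mkdtemp()
    uploads = os.path.join(root, "uploads")
    os.mkdir(uploads)
    config = os.path.join(root, "settings.conf")  # hypothetical file that must survive
    open(config, "w").close()
    open(os.path.join(uploads, "tmp.log"), "w").close()
    out = {}
    try:
        safe_delete(uploads, "../settings.conf")
        out["safe_blocked"] = False
    except PermissionError:
        out["safe_blocked"] = True
    out["config_survives_safe"] = os.path.exists(config)
    out["safe_legit"] = safe_delete(uploads, "tmp.log")
    out["weak_deleted_config"] = weak_delete(uploads, "../settings.conf")
    out["config_survives_weak"] = os.path.exists(config)
    return out

if __name__ == "__main__":
    print(demo())
```

Because `realpath` also resolves symbolic links, the hardened routine rejects a link inside the permitted directory that points outside it.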

SonicWall acknowledged the contribution of Wenxu Yin from Alpha Lab at Qihoo 360, who reported the security issue, thereby facilitating a timely response from the company. The flaw primarily affects various models within the SMA 100 series line, including the SMA 200 and SMA 210.

From a security perspective, the tactics and techniques that adversaries might employ in connection with this vulnerability align with the MITRE ATT&CK framework. Initial access could be gained through various means, including exploiting unpatched systems or using social engineering tactics. The capability to delete files at an administrative level suggests significant privilege escalation opportunities for attackers once they gain a foothold within the network.

As businesses increasingly rely on remote access solutions in a landscape shaped by digital transformation, this incident underscores the critical need for robust security practices. Regularly updating systems with the latest security patches and maintaining vigilant monitoring of network traffic are vital to safeguarding sensitive data from potential exploits arising from such vulnerabilities.

Amid the evolving threat landscape, organizations must remain diligent about the potential ramifications of vulnerabilities such as CVE-2021-20034. Awareness and proactive measures are essential to mitigate risks associated with cybersecurity incidents that could otherwise have far-reaching impacts on business operations and data security.
