====================================================================

                             CERT-Renater

                 Note d'Information No. 2021/VULN073
_____________________________________________________________________

DATE                : 04/02/2021

HARDWARE PLATFORM(S): SMA 200, SMA 210, SMA 400, SMA 410,
                      SMA 500v (Azure, AWS, ESXi, HyperV).

OPERATING SYSTEM(S): SMA 100 devices firmware versions prior to
                                     10.2.0.5-d-29sv.

=====================================================================
https://www.sonicwall.com/support/product-notification/urgent-security-notice-sonicwall-confirms-sma-100-series-10-x-zero-day-vulnerability-feb-3-2-p-m-cst/210122173415410/
_____________________________________________________________________

Confirmed Zero-day vulnerability in the SonicWall SMA100 build version 10.x

9.8


Overview

Advisory ID 	        SNWLID-2021-0001
First Published 	2021-01-23
Last Updated            2021-02-03
Workaround              true
Status                  Applicable
CVE                     CVE-2021-20016
CWE                     CWE-89
CVSS v3                 9.8
CVSS Vector             CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Direct Link

	
Summary

A vulnerability resulting in improper SQL command neutralization in the
SonicWall SSLVPN SMA100 product allows remote exploitation for
credential access by an unauthenticated attacker. This vulnerability
impacts SMA100 build version 10.x.


Affected Product(s)

Affected SMA 100 devices with 10.x firmware that requires the critical
patch

    Physical Appliances: SMA 200, SMA 210, SMA 400, SMA 410
    Virtual Appliances: SMA 500v (Azure, AWS, ESXi, HyperV)


CPE(s)


Workaround

1) Enable multifactor authentication (MFA) as a safety measure.

  - MFA has an invaluable safeguard against credential theft and is a
key measure of good security posture.

  - MFA is effective whether it is enabled on the appliance directly or
on the directory service in your organization.

2) Enable WAF on SMA100.

3) Reset the passwords for any users who may have logged into the device
via the web interface.


Fixed Software
10.2.0.5-d-29sv


Comments

Credit(s)

Richard Warren and Ollie Whitehouse - NCC Group
Kings Court, Kingston Road, Leatherhead, KT22 7SL
Website: www.nccgroup.com
Twitter: @NCCGroupplc


Revision History

    Version

    1.0

    Date

    23-Jan-2021

    Description

    Initial Release.


----------------------------------------------------------------------------------

    Version

    1.1

    Date

    24-Jan-2021

    Description

    Updated Affected product(s) and Workaround section.


----------------------------------------------------------------------------------

    Version

    1.2

    Date

    01-Feb-2021

    Description

    Confirmed Zero-day vulnerability in the SMA100 build version 10.x.


----------------------------------------------------------------------------------

    Version

    1.3

    Date

    03-Feb-2021

    Description

    Availability of patch build SMA 100 series firmware 10.2.0.5-29sv



Reference(s)

https://www.sonicwall.com/support/product-notification/urgent-security-notice-sonicwall-confirms-sma-100-series-10-x-zero-day-vulnerability-feb-3-2-p-m-cst/210122173415410/


=========================================================
+ CERT-RENATER       |    tel : 01-53-94-20-44          +
+ 23/25 Rue Daviel   |    fax : 01-53-94-20-41          +
+ 75013 Paris        |    email:cert@support.renater.fr +
=========================================================