According to researchers, threat actors are actively targeting a critical flaw in SonicWall’s Secure Mobile Access (SMA) gateways. The vulnerabilities were first seen in December 2021, and a patch accompanied their release. SonicWall addressed two critical stack-based buffer overflow vulnerabilities, tracked as CVE-2021-20038 and CVE-2021-20045. A remote attacker can trigger these vulnerabilities to potentially execute code as the ‘nobody’ user on compromised appliances. CVE-2021-20038 impacts SMA 100 series appliances (including SMA 200, 210, 400, 410, and 500v) even when the Web Application Firewall (WAF) is enabled.