As attacks against VPN devices are on the rise to deliver ransomware payloads, legacy SonicWall Secure Remote Access (SRA) 4600 are being targeted for a SQL injection exploit that was thought to be patched in newer device firmware. CrowdStrike has confirmed that firmware versions 8.x and 9.x are vulnerable to CVE-2019-7481, even when running SMA device firmware versions 184.108.40.206 and 220.127.116.11. SonicWall PSIRT confirmed that legacy SRA devices could use the newer SMA firmware updates and that the devices were interchangeable. After CrowdStrike shared their findings, SonicWall PSIRT confirmed that SRA devices were end of life and that the current mitigation for this issue is to install the latest 10.x SMA firmware.
By Anthony Zampino Introduction Leading up to the most recent Russian invasion of Ukraine in