Improper Neutralization of Special Elements used in an SQL Command leading to SQL Injection vulnerability Impacting End-Of-Life SRA Appliances

<p><span style="font-family: Arial, sans-serif;">SonicWall is aware of an </span><font face="Arial, sans-serif">improper neutralization of an SQL command leading to an SQL injection vulnerability, reported by CrowdStrike, impacting end-of-life Secure Remote Access (SRA) products, specifically the SRA appliances running all 8.x firmware or an old version of firmware 9.x ( or earlier).</font></p>
<p><font face="Arial, sans-serif">In February 2021, SonicWall released SMA firmware and to fix a zero-day vulnerability, along with additional comprehensive code-strengthening. This strengthening proactively prevented this newly reported vulnerability in</font></p>
<ul>
<li><font face="Arial, sans-serif">Organizations that already upgraded to the firmware are already protected against this newly reported issue and don’t need to take any action.</font></li>
<li><font face="Arial, sans-serif">Organizations with any 10.x version are not subject to this vulnerability, as the vulnerable feature was deprecated in the 10.x release.</font></li>
<li><font face="Arial, sans-serif">Organizations running any firmware versions of 8.x or older than or should, per our earlier instructions, upgrade immediately. These older versions may potentially be exploited if not patched immediately.</font></li>
<li><font face="Arial, sans-serif">SMA 1000 Series products are not affected by this vulnerability.</font></li>
</ul>
CVE: CVE-2021-20028
Last updated: Aug. 4, 2021, 8:09 p.m.
