Post-Auth OS Command Injection vulnerability Impacting End-Of-Life SRA Appliances and End-Of-Support SMA100 firmware versions

<p><b>NOTE: SonicWall PSIRT has observed threat actors targeting EOL SRA devices (CVE-2021-20028), and active exploitation of this vulnerability is likely.</b></p><p>SonicWall is aware of a ‘Post Authentication OS Command Injection’ vulnerability, reported by Compass Security, impacting end-of-life Secure Remote Access (SRA) series appliances running any 8.x firmware or 9.0.0.5-19sv and earlier, and Secure Mobile Access (SMA) 100 series appliances running the old 9.0.0.9-26sv firmware and earlier. Because the issue is post-authentication, exploitation requires a valid login to the appliance; that does not reduce the need to upgrade.</p><p>In February 2021, SonicWall <a href="https://www.sonicwall.com/support/product-notification/additional-sma-100-series-10-x-and-9-x-firmware-updates-required-updated-april-29-2021-12-30-p-m-cst/210122173415410/" target="_blank">released SMA firmware 10.2.0.7 and 9.0.0.10 to fix a zero-day vulnerability</a>, along with additional comprehensive code strengthening. That strengthening proactively closed this newly reported vulnerability in versions 9.0.0.10 and later.</p><ul><li>Organizations that previously upgraded to firmware 9.0.0.10 or later are already protected against this newly reported issue; no action is required.</li><li>Organizations on any 10.x version are not impacted, because the vulnerable feature was deprecated in the 10.x release.</li><li>Organizations running any 8.x firmware, or any 9.x firmware older than 9.0.0.10, should upgrade immediately to 9.0.0.10 or 10.2.0.7, per the earlier instructions. These older versions may be exploited if left unpatched.</li></ul><p><b>IMPORTANT:</b> SMA 1000 series products are not affected by this vulnerability.</p>
CVE: CVE-2022-22273
Last updated: March 12, 2022, 2:48 a.m.
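The version boundaries the advisory states above are easy to get wrong in an asset inventory, because firmware strings such as 9.0.0.9-26sv sort incorrectly as plain strings ("9.0.0.10" < "9.0.0.9" lexically). The following is an added example, not SonicWall's code or part of the advisory: it parses the N.N.N.N-NNsv format shown in the advisory into a numeric tuple and maps each (product line, firmware) pair onto the advisory's own guidance. The product-line names "SRA", "SMA100" and "SMA1000", the verdict strings and the inventory rows are constructed for illustration.

```python
import re
from typing import Tuple

# Boundaries quoted from the advisory text (constructed lookup, not SonicWall code).
FIX_9X = "9.0.0.10"              # 9.0.0.10 and later carry the code-strengthening fix
NOT_IMPACTED_MAJOR = 10          # the vulnerable feature was deprecated in 10.x
UNAFFECTED_LINES = {"SMA1000"}   # SMA 1000 series is not affected

# Dotted numeric part, optionally followed by a '-NNsv' build suffix (assumed format).
_VERSION_RE = re.compile(r"(\d+(?:\.\d+)*)(?:-(\d+)sv)?", re.IGNORECASE)


def parse_version(version: str) -> Tuple[int, int, int, int, int]:
    """Turn a firmware string such as '9.0.0.9-26sv' into a comparable tuple.

    The dotted part is padded to four fields and the build number (0 when the
    '-NNsv' suffix is absent) is appended, so '9.0.0.9-26sv' < '9.0.0.10' holds
    numerically, which a string comparison gets backwards.
    """
    m = _VERSION_RE.fullmatch(version.strip())
    if m is None:
        raise ValueError(f"unrecognised firmware version: {version!r}")
    fields = [int(x) for x in m.group(1).split(".")]
    if len(fields) > 4:
        raise ValueError(f"too many version fields: {version!r}")
    fields += [0] * (4 - len(fields))
    build = int(m.group(2)) if m.group(2) else 0
    return (*fields, build)


def classify(product: str, version: str) -> str:
    """Map a (product line, firmware) pair onto the advisory's guidance."""
    line = product.upper().replace(" ", "")
    if line in UNAFFECTED_LINES:
        return "not_affected"                # SMA 1000 series
    if line not in {"SRA", "SMA100"}:
        raise ValueError(f"product line not covered by this advisory: {product!r}")
    v = parse_version(version)
    if v[0] >= NOT_IMPACTED_MAJOR:
        return "not_impacted"                # 10.x: vulnerable feature removed
    if v >= parse_version(FIX_9X):
        return "protected"                   # 9.0.0.10 or later
    return "upgrade_immediately"             # 8.x, or 9.x older than 9.0.0.10


def is_affected(product: str, version: str) -> bool:
    """True when the advisory says the device must be upgraded immediately."""
    return classify(product, version) == "upgrade_immediately"


if __name__ == "__main__":
    # Constructed inventory rows for illustration, not real device data.
    inventory = [
        ("SRA", "9.0.0.5-19sv"),
        ("SRA", "8.6.0.0"),
        ("SMA 100", "9.0.0.9-26sv"),
        ("SMA 100", "9.0.0.10"),
        ("SMA 100", "10.2.0.7"),
        ("SMA 1000", "12.4.0"),
    ]
    for product, firmware in inventory:
        print(f"{product:8} {firmware:14} -> {classify(product, firmware)}")
```

Any version string the regex does not recognise raises rather than silently classifying the device as safe, which is the failure mode to avoid when this runs over an inventory export.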
