Deep packet inspection vendor SonicWall has spread a shocking news. Two recently patched security vulnerabilities in its SMA100 Secure Mobile Access appliances are currently being actively exploited. The announcement follows weeks after the U.S. Cybersecurity and Infrastructure Security Agency (CISA) added one of these flaws, CVE-2021-20035, to its Known Exploited Vulnerabilities (KEV) catalog. This critical flaw has a CVSS score of 7.2, meaning there’s a high risk to affected systems.
Cybersecurity experts are very concerned about the vulnerabilities in SonicWall’s appliances. These worries affect industries that rely on these devices and need strong remote access. Documented examples of exploitation are proof enough that nefarious actors could exploit systems through these devices. This sensitive state of affairs has already led to action from both SonicWall and CISA.
Details of the Vulnerabilities
The security vulnerability CVE-2021-20035 is limited to SonicWall SMA 100 Series gateways. This vulnerability provides remote unauthenticated access. It presents critical risk to the integrity of data and the security of networks and connected organizations that use these network appliances. SonicWall’s proactive measures to patch these vulnerabilities highlight their dedication to protecting user environments.
Furthermore, during ongoing post-research analysis and testing, SonicWall and known security collaborators discovered a second exploitation technique leveraging CVE-2024-38475. Using this new technique, it is possible to gain unlawful access to sensitive files, including options for session hijacking.
“During further analysis, SonicWall and trusted security partners identified an additional exploitation technique using CVE-2024-38475, through which unauthorized access to certain files could enable session hijacking,” – SonicWall
CISA’s Response and Recommendations
Supporting these findings with evidence, CISA has taken bold and impactful steps. Now you can see why CISA has added CVE-2021-20035 to its KEV catalog. This new addition provides organizations with visibility into current threats and motivates them to expedite remediation efforts to fix vulnerabilities. The agency urges all users and admins to patch these critical vulnerabilities by applying the appropriate patches released by SonicWall to prevent their systems from being exploited.
Companies need to seriously reconsider their security measures and make sure every patch is applied as quickly as possible. A high CVSS score creates an impression of urgency and immediate action needed. Systems that do not have the newest patches are low-hanging fruit to be exploited.
Importance of Cybersecurity Awareness
The widespread and active exploitation of these vulnerabilities is a stark reminder that maintaining an organization’s cybersecurity is a continuing challenge. Cyber threats—from ransomware to social media disinformation campaigns—are changing and increasing in sophistication on a daily basis. Enterprises need to know what risks are out there in order to proactively mitigate them.
SonicWall’s release combined with the involvement of CISA is a clear reminder that we must all remain ever vigilant and proactive in our cybersecurity practices. It is imperative that organizations continuously update solutions with the latest information and invest in employee education to protect against these vulnerabilities.