SonicWall has found vulnerabilities in one of its product lines and is urging customers to fix multiple high-risk security weaknesses. The flaws, in the Secure Mobile Access (SMA) 1000 Series line of products, might allow attackers to evade authorisation and compromise unpatched equipment.
The SonicWall SMA 1000 SSLVPN solution eases end-to-end secure remote access to business resources in on-premises, cloud, and hybrid data centre environments.
The first vulnerability (a high-severity unauthenticated access control bypass) has been assigned CVE-2022-22282. The other two (a hard-coded cryptographic key and an open redirect, both of medium severity) are currently awaiting a CVE ID.
SonicWall strongly advises enterprises utilising the SMA 1000 series products to upgrade to the most recent patch, the company writes in a security advisory released last week.
SonicWall also stated that no evidence of these vulnerabilities being exploited in the field was discovered.
The vulnerabilities do not affect SMA 1000 series devices running versions prior to 12.4.0, SMA 100 series products, CMS, or remote access clients, according to the company.
The following SMA 1000 Series models are affected by the security flaws: 6200, 6210, 7200, 7210, 8000v (ESX, KVM, Hyper-V, AWS, Azure).
The three vulnerabilities are:
1. Unauthenticated access control bypass
2. Use of hard-coded cryptographic key
3. URL redirection to an untrusted site (open redirection)
The most serious of the three flaws is CVE-2022-22282, which allows unauthenticated attackers to bypass access control and obtain access to internal resources. This vulnerability can be remotely exploited in low-complexity attacks that don’t require any user interaction.
If left unpatched and exploited by attackers, the hard-coded cryptographic key weakness can have catastrophic repercussions, allowing them to gain access to encrypted passwords.
According to MITRE’s CWE database, the use of a hard-coded cryptographic key considerably increases the probability of encrypted data being recovered.
If cryptographic keys are hard-coded, malicious attackers will almost certainly acquire access through the account in question.
Ransomware has targeted SonicWall devices
Threat actors will most likely look for ways to compromise SMA 1000 series VPN appliances because they are used to protect remote connections into corporate networks.
HelloKitty/FiveHands operators were detected leveraging a zero-day vulnerability in SMA 100 appliances, which have a history of being targeted in ransomware attacks.
SonicWall also warned in July 2021 that end-of-life SMA 100 series and Secure Remote Access systems were at increased risk of ransomware attacks.
SonicWall’s products are used by over 500,000 commercial clients in 215 countries and territories across the world, with many of them deployed on the networks of government agencies and the world’s major corporations.