SonicWall Has Found Large Vulnerabilities

SonicWall has found vulnerabilities in one of its product lines and is urging customers to fix multiple high-risk security weaknesses. The flaws in the Secure Mobile Access (SMA) 1000 Series line of products might allow attackers to evade authorisation and compromise unpatched equipment.

SonicWall SMA 1000 SSLVPN solutions simplify end-to-end secure remote access to business resources in on-premises, cloud, and hybrid data centre environments.

The Vulnerabilities

The first vulnerability (a high-severity unauthenticated access control bypass) has been assigned CVE-2022-22282. However, the other two (a hard-coded cryptographic key and an open redirect, both of medium severity) are currently awaiting a CVE ID.

SonicWall strongly advises enterprises utilising the SMA 1000 series products to upgrade to the most recent patch, the company writes in a security advisory released last week.

SonicWall also stated that it has found no evidence of these vulnerabilities being exploited in the wild.
The vulnerabilities do not affect SMA 1000 series devices running versions prior to 12.4.0, SMA 100 series products, CMS, or remote access clients, according to the company.

The following SMA 1000 Series models are affected by the security flaws: 6200, 6210, 7200, 7210, 8000v (ESX, KVM, Hyper-V, AWS, Azure).

| Summary | CVSS Score | Impacted Firmware |
| --- | --- | --- |
| 1. Unauthenticated access control bypass | 8.2 (High) | 12.4.0 |
| 2. Use of hard-coded cryptographic key | 5.7 (Medium) | 12.4.0 |
| 3. URL redirection to an untrusted site (open redirection) | 6.1 (Medium) | 12.4.0 |
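
The scope described above (affected models, impacted firmware 12.4.0, earlier versions and SMA 100 series unaffected) can be turned into an inventory triage check. This is an added example, not SonicWall's own tooling; the host names, the inventory layout and the firmware string format with a build suffix are assumptions, and the sample rows are constructed.

```python
import re

# Taken from the article: affected SMA 1000 Series models and impacted firmware.
AFFECTED_MODELS = {"6200", "6210", "7200", "7210", "8000v"}
IMPACTED_BRANCH = (12, 4, 0)

def parse_version(text):
    """Return (major, minor, patch) from a string such as '12.4.0-00001', or None."""
    match = re.match(r"\s*(\d+)\.(\d+)\.(\d+)", text or "")
    return tuple(int(part) for part in match.groups()) if match else None

def triage(model, firmware):
    """Classify one appliance as AFFECTED, NOT_AFFECTED or REVIEW."""
    name = model.strip().lower()
    if name.startswith("sma"):
        name = name[3:].strip()
    if name not in AFFECTED_MODELS:
        return "NOT_AFFECTED"   # e.g. SMA 100 series, per the article
    version = parse_version(firmware)
    if version is None:
        return "REVIEW"         # unreadable version string: check by hand
    if version < IMPACTED_BRANCH:
        return "NOT_AFFECTED"   # versions prior to 12.4.0 are not affected
    if version == IMPACTED_BRANCH:
        return "AFFECTED"
    # The article does not name the fixed build, so newer firmware is not
    # assumed to be patched: confirm it against the vendor advisory.
    return "REVIEW"

# Constructed sample inventory: (host, model, firmware).
INVENTORY = [
    ("vpn-edge-01", "SMA 7210", "12.4.0-00001"),
    ("vpn-edge-02", "SMA 6210", "12.3.0-00001"),
    ("vpn-cloud-01", "SMA 8000v", "12.4.1-00001"),
    ("vpn-branch-01", "SMA 410", "10.2.1-00001"),
    ("vpn-lab-01", "6200", "unknown"),
]

def triage_inventory(rows):
    """Map each host to its triage result."""
    return {host: triage(model, firmware) for host, model, firmware in rows}

if __name__ == "__main__":
    for host, status in triage_inventory(INVENTORY).items():
        print(f"{host:14} {status}")
```

Hosts reported as REVIEW need their firmware build compared with the patched release named in SonicWall's advisory.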

The most serious of the three flaws is CVE-2022-22282, which allows unauthenticated attackers to bypass access control and obtain access to internal resources. This vulnerability can be remotely exploited in low-complexity attacks that don’t involve any user input.

If left unpatched and exploited by attackers, the hard-coded cryptographic key weakness can have catastrophic repercussions, allowing them to get access to encrypted passwords.

According to MITRE’s CWE database, the use of a hard-coded cryptographic key considerably increases the probability of encrypted data being recovered.

If cryptographic keys are hard-coded, malicious attackers will almost certainly acquire access through the account in question.

Ransomware has targeted SonicWall devices

Threat actors would most likely look for ways to compromise SMA 1000 series VPN appliances because they are used to protect remote connections into corporate networks.

HelloKitty/FiveHands operators were detected leveraging a zero-day vulnerability in SMA 100 appliances, which have a history of being targeted in ransomware attacks.

SonicWall also warned in July 2021 that end-of-life SMA 100 series and Secure Remote Access systems will be more vulnerable to ransomware attacks.

SonicWall’s products are used by over 500,000 commercial clients in 215 countries and territories across the world, with many of them deployed on the networks of government agencies and the world’s major corporations.


Arjun Gopireddy
Arjun is an Information Security Specialist, and his main role is to support our clients by identifying and advising on mitigating information security risks. Holding a Master’s degree in Cyber Security (UK) and Engineering Management (USA) his knowledge and skills are shared with our clients. Outside of work Arjun likes watching movies, travelling, playing cricket, football and doing adventurous things such as sky diving. He is the biggest fan of Yuvraj Singh – a former Indian international cricketer.