
SonicWall Has Found Large Vulnerabilities

SonicWall has disclosed vulnerabilities in one of its product lines and is urging customers to fix multiple high-risk security weaknesses. The flaws in the Secure Mobile Access (SMA) 1000 Series line of products might allow attackers to bypass authorisation and compromise unpatched appliances.

The SonicWall SMA 1000 SSL VPN solution provides end-to-end secure remote access to business resources in on-premises, cloud, and hybrid data centre environments.

The Vulnerabilities

The first vulnerability (a high-severity unauthenticated access control bypass) has been assigned CVE-2022-22282. However, the other two (a hard-coded cryptographic key and an open redirect, both of medium severity) are currently awaiting a CVE ID.

SonicWall strongly advises enterprises using SMA 1000 series products to upgrade to the most recent patch, the company wrote in a security advisory released last week.

SonicWall also stated that it has found no evidence of these vulnerabilities being exploited in the wild.

According to the company, the vulnerabilities do not affect SMA 1000 series devices running versions prior to 12.4.0, SMA 100 series products, CMS, or remote access clients.

The following SMA 1000 Series models are affected by the security flaws: 6200, 6210, 7200, 7210, 8000v (ESX, KVM, Hyper-V, AWS, Azure).

Summary                                                     | CVSS Score   | Impacted Firmware
1. Unauthenticated access control bypass                    | 8.2 (High)   | 12.4.0, 12.4.1
2. Use of hard-coded cryptographic key                      | 5.7 (Medium) | 12.4.0, 12.4.1
3. URL redirection to an untrusted site (open redirection)  | 6.1 (Medium) | 12.4.0, 12.4.1

The most serious of the three flaws is CVE-2022-22282, which allows unauthenticated attackers to bypass access control and gain access to internal resources. This vulnerability can be exploited remotely in low-complexity attacks that do not require any user interaction.

If left unpatched and exploited by attackers, the hard-coded cryptographic key weakness can have serious repercussions, allowing them to gain access to encrypted passwords.

According to MITRE's CWE database, the use of a hard-coded cryptographic key significantly increases the likelihood of encrypted data being recovered.

If cryptographic keys are hard-coded, it is highly likely that attackers will be able to gain access through the account in question.

Ransomware has targeted SonicWall devices

Threat actors are likely to look for ways to compromise SMA 1000 series VPN appliances because they are used to protect remote connections into corporate networks.

HelloKitty/FiveHands operators were previously detected leveraging a zero-day vulnerability in SMA 100 appliances, a product line that has a history of being targeted in ransomware attacks.

SonicWall also warned in July 2021 that end-of-life SMA 100 series and Secure Remote Access systems would be more vulnerable to ransomware attacks.

SonicWall's products are used by over 500,000 commercial clients in 215 countries and territories across the world, with many of them deployed on the networks of government agencies and the world's major corporations.


Adam Cooke