The network security company SonicWall has announced fixes for the vulnerabilities that have been found in its products. The company emphasized that it has found no evidence that the vulnerabilities have been exploited. With the announcement, SonicWall also gave details about the flaws and the firmware updates that fix them.
SMA 100 series appliances are affected
The flaws were found in SMA (Secure Mobile Access) 100 series appliances, which include the SMA 200, 210, 400, 410, and 500v. SMA 100 series appliances with WAF enabled were also impacted by the flaws. The flaws have either been patched or mitigated via firmware updates. The company strongly urges customers using those products to update their firmware immediately.
The flaws include an unauthenticated stack-based buffer overflow, command injection as root, file upload path traversal, CPU exhaustion, a confused deputy issue, a getBookmarks heap-based buffer overflow, post-authentication remote code execution, and file explorer heap-based and stack-based buffer overflows.
Customers should immediately update their firmware to the latest version in order to secure their devices. To apply the firmware, SonicWall gives its customers the following steps:
- Navigate to System > Settings, click Export Settings. You will get a prompt to save to a location.
- Once you have the settings exported you can download the firmware from mysonicwall.com.
- Once logged in, navigate to Downloads. In the drop-down for Software Type, choose the hardware platform you are going to upgrade.
- Click on the latest firmware link.
- From the web interface of the SMA appliance navigate to System > Settings. Click Upload New Firmware.
- Browse to the downloaded firmware. Once the file has finished uploading you will see the new version in New Firmware.
- Click New Firmware.
- Click on the Boot button. The device will boot. Wait for the login page.
- Log in to the appliance and verify that the appliance upgraded successfully by going to System > Status.