- SonicWall updated a security advisory for a Secure Mobile Access flaw
- CISA added the flaw to its KEV catalog
- FCEB agencies have three weeks to apply the patch
The US Cybersecurity and Infrastructure Security Agency (CISA) has added an old SonicWall vulnerability to its Known Exploited Vulnerabilities (KEV) catalog, confirming that it is being exploited in the wild.
As a result, Federal Civilian Executive Branch (FCEB) agencies have three weeks to install the patch or stop using the product completely.
In late 2021, SonicWall released a security advisory warning its users of an improper neutralization vulnerability affecting multiple SonicWall Secure Mobile Access (SMA) appliances. At that time, the company said the flaw could be used to take down vulnerable endpoints with a denial-of-service (DoS) attack. However, the company has now updated the advisory to warn of exploitation in the wild and to raise its severity from medium to high (7.2).
Exploitation in the wild
“Improper neutralization of special elements in the SMA100 management interface allows a remote authenticated attacker to inject arbitrary commands as a ‘nobody’ user, which could potentially lead to code execution,” SonicWall said.
The flaw affects SMA 200, SMA 210, SMA 400, SMA 410 and SMA 500v (ESX, KVM, AWS, Azure) devices.
At the same time, CISA added the flaw to KEV and warned of exploitation in the wild. While its Binding Operational Directive 22-01 (which requires organizations to install the patch) applies only to government agencies, private-sector organizations should also take note when KEV gets a new entry.
“These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise,” CISA said.
In 2021, SonicWall suffered one of its biggest attacks ever, when a threat actor tracked as UNC2447 exploited a SQL injection vulnerability in SMA100 instances to gain unauthorized access to networks. After the breach, they deployed the Sombrat backdoor and a ransomware variant called FiveHands.
Via BleepingComputer