Published: Feb 04, 2021 14:07
Advisory No: TZCERT/SA/2021/02/04
Date of First Release: 04th February 2021
Source: SonicWall
Software Affected:
SMA 100 10.x devices (SMA 200, SMA 210, SMA 400, SMA 410, SMA 500v)
Overview:
This vulnerability is caused by improper SQL command neutralization in SonicWall SSL VPN SMA 100 products and could allow an unauthenticated, remote attacker to exploit it for credential access.
Description:
In SonicWall SSL VPN SMA 100 products, the SQL injection bug could allow an unauthenticated attacker to perform an SQL query to access username, password, and other session-related information. The flaw affects both physical and virtual SMA 100 version 10.x devices.
Impact:
Successful exploitation of the vulnerability could allow an unprivileged user to gain access to the system.
Solution:
SonicWall has issued both a workaround and a security update to address the affected firmware. Users and administrators are advised to upgrade firmware to the latest stable version.
Workaround
References: