CyberSecurity news
FlagThis
Ddos@securityonline.info
//
SonicWall has released critical security updates to address three vulnerabilities affecting its Secure Mobile Access (SMA) 100 series products. The vulnerabilities, discovered by Rapid7 cybersecurity researcher Ryan Emmons, impact SMA 200, 210, 400, 410, and 500v devices running firmware version 10.2.1.14-75sv and earlier. The most severe of these flaws, CVE-2025-32819, has a CVSS score of 8.8 and could allow a remote authenticated attacker with SSL-VPN user privileges to bypass path traversal checks and delete arbitrary files, potentially leading to a reboot to factory default settings. SonicWall urges users to upgrade to the fixed release version 10.2.1.15-81sv and higher immediately.
Additionally, the advisory outlines CVE-2025-32820, a post-authentication SSLVPN user Path Traversal vulnerability with a CVSS score of 8.3. This flaw enables a remote authenticated attacker with SSLVPN user privileges to inject a path traversal sequence, making any directory on the SMA appliance writable. A third vulnerability, CVE-2025-32821, carries a CVSS score of 6.7 and allows a remote authenticated attacker with SSLVPN admin privileges to inject shell command arguments to upload a file on the appliance. Security researchers suggest that these vulnerabilities can be chained together by attackers to gain remote code execution as root and compromise vulnerable instances.
As a workaround and additional safety measure, SonicWall recommends enabling multifactor authentication (MFA) on the devices, enabling WAF on SMA100 and resetting the passwords for any users who may have logged into the device via the web interface. The cybersecurity company also noted that CVE-2025-32819 may have been exploited in the wild as a zero-day based on known indicators of compromise. Users are advised to update their instances to the latest version for optimal protection.
ImgSrc: securityonline.
References :
Additionally, the advisory outlines CVE-2025-32820, a post-authentication SSLVPN user Path Traversal vulnerability with a CVSS score of 8.3. This flaw enables a remote authenticated attacker with SSLVPN user privileges to inject a path traversal sequence, making any directory on the SMA appliance writable. A third vulnerability, CVE-2025-32821, carries a CVSS score of 6.7 and allows a remote authenticated attacker with SSLVPN admin privileges to inject shell command arguments to upload a file on the appliance. Security researchers suggest that these vulnerabilities can be chained together by attackers to gain remote code execution as root and compromise vulnerable instances.
As a workaround and additional safety measure, SonicWall recommends enabling multifactor authentication (MFA) on the devices, enabling WAF on SMA100 and resetting the passwords for any users who may have logged into the device via the web interface. The cybersecurity company also noted that CVE-2025-32819 may have been exploited in the wild as a zero-day based on known indicators of compromise. Users are advised to update their instances to the latest version for optimal protection.
ImgSrc: securityonline.
Share:
References :
- bsky.app: SonicWall has urged its customers to patch three security vulnerabilities affecting its Secure Mobile Access (SMA) appliances, one of them tagged as exploited in attacks
- securityonline.info: SonicWall has released a security advisory detailing multiple vulnerabilities affecting its Secure Mobile Access (SMA) 100 series products.
- The Hacker News: SonicWall Patches 3 Flaws in SMA 100 Devices Allowing Attackers to Run Code as Root
- BleepingComputer: SonicWall has urged its customers to patch three security vulnerabilities affecting its Secure Mobile Access (SMA) appliances, one of them tagged as exploited in attacks [...]
Classification:
- HashTags: #SonicWall #SMA100 #Vulnerability
- Company: SonicWall
- Target: SMA 100 appliances
- Product: SMA 100 Secure Mobile Access (SMA) appliances
- Feature: SMA 100
- Type: Bug
- Severity: Major