CyberSecurity news
FlagThis
@www.helpnetsecurity.com
//
SonicWall has released critical security patches to address three vulnerabilities affecting its SMA 100 series of Secure Mobile Access (SMA) appliances. These flaws, which could lead to remote code execution with root privileges, pose a significant threat to organizations using the affected devices. One of the vulnerabilities, CVE-2025-32819, is already being actively exploited in the wild, underscoring the urgency of applying the patches. The vulnerabilities impact SMA 200, 210, 400, 410, and 500v appliances running versions 10.2.1.14-75sv and earlier.
CVE-2025-32819 allows a remote, authenticated attacker with SSL-VPN user privileges to bypass path traversal checks and delete arbitrary files, potentially resetting the device to factory default settings. CVE-2025-32820 enables an attacker with similar privileges to inject a path traversal sequence, making any directory on the SMA appliance writable. CVE-2025-32821 permits an attacker with SSL-VPN admin privileges to inject shell command arguments to upload a file on the appliance. Security researchers have demonstrated that chaining these vulnerabilities together allows attackers to gain root-level remote code execution.
To mitigate these risks, SonicWall strongly advises users of the affected SMA 100 series products to upgrade to version 10.2.1.15-81sv or higher. As a further safeguard, SonicWall recommends enabling multifactor authentication (MFA) and Web Application Firewall (WAF) on SMA100 devices. The company also suggests resetting passwords for users who may have logged into the device via the web interface. These measures, along with the security update, will help protect systems from potential exploitation.
ImgSrc: img.helpnetsecu
References :
CVE-2025-32819 allows a remote, authenticated attacker with SSL-VPN user privileges to bypass path traversal checks and delete arbitrary files, potentially resetting the device to factory default settings. CVE-2025-32820 enables an attacker with similar privileges to inject a path traversal sequence, making any directory on the SMA appliance writable. CVE-2025-32821 permits an attacker with SSL-VPN admin privileges to inject shell command arguments to upload a file on the appliance. Security researchers have demonstrated that chaining these vulnerabilities together allows attackers to gain root-level remote code execution.
To mitigate these risks, SonicWall strongly advises users of the affected SMA 100 series products to upgrade to version 10.2.1.15-81sv or higher. As a further safeguard, SonicWall recommends enabling multifactor authentication (MFA) and Web Application Firewall (WAF) on SMA100 devices. The company also suggests resetting passwords for users who may have logged into the device via the web interface. These measures, along with the security update, will help protect systems from potential exploitation.
ImgSrc: img.helpnetsecu
Share:
References :
- The Hacker News: SonicWall Patches 3 Flaws in SMA 100 Devices Allowing Attackers to Run Code as Root
- securityonline.info: Multi Vulnerabilities Found in SonicWall SMA 100 Series Prompt Urgent Security Update
- circl: Security Advisory - SonicWall SMA100 SSL-VPN Affected By Multiple Vulnerabilities
- BleepingComputer: BleepingComputer reports about SonicWall urging admins to patch VPN flaw exploited in attacks
- Help Net Security: HelpNetSecurity details SonicWall SMA100 vulnerability exploited in the wild
Classification:
- HashTags: #SonicWall #SMA100 #VPN
- Company: SonicWall
- Target: SonicWall SMA 100
- Product: SMA 100
- Feature: RCE
- Type: Vulnerability
- Severity: Critical