SonicWall warns users of its firewall products to install a number of patches that fix serious vulnerabilities. The vulnerabilities allow attackers to run code with administrator privileges or take full control of the device via a buffer overflow.

Weaknesses are present in the SMA 100 series of physical gates. These are SMA 200, 210, 400, 410 and 500 volts. sonic wall Say There are a number of security vulnerabilities in those devices for which it has now released a patch. The eight vulnerabilities were given CVSS ratings between 6.3 and 9.8. There are two remarkably serious vulnerabilities: they allow a stack-based buffer overflow to be executed without authentication, after which a remote attacker can execute commands like Nobody is a user.

In addition, there is a vulnerability CVE-2021-20039, which allows an unauthenticated attacker to remotely execute code with admin rights on devices. This could allow an attacker to take control of the system, warns SonicWall consult him. Other weaknesses include CPU mining, directory traversal, and the ability to remotely execute code, but as an authenticated user.

The vulnerabilities were discovered by security companies Rapid7 and NCCgroup, which transferred them to SonicWall. The company now has patches available that they can download via their account. In the Netherlands, among other things, warns National Cyber ​​Security Center for errors and calls companies to fix them.