Network security firm SonicWall warns about critical vulnerability affecting its gateways


SonicWall, a network security solutions provider, is alerting users to a critical vulnerability, rated 9.8 out of 10, affecting its widely used unified secure access gateways in the SMA 1000 series. Hackers are already exploiting the flaw.

The SMA1000 Appliance Management Console (AMC) and Central Management Console (CMC) are affected by the “pre-authentication deserialization of untrusted data vulnerability.” It enables remote, unauthenticated attackers to execute arbitrary OS commands under specific conditions. This could lead to unauthorized access and data breaches.

Software version 12.4.3-02854 and higher fixes the issue, which was reported to the firm by the Microsoft Threat Intelligence Center.

As a workaround to minimize potential impact, access to the AMC and CMC can be restricted to trusted sources.

“SonicWall PSIRT has been notified of possible active exploitation of the referenced vulnerability by threat actors. We strongly advise users of the SMA1000 product to upgrade to the hotfix release version to address the vulnerability,” the firm stated in the advisory.

Secure mobile access (SMA) 1000 devices enable companies and employees to access corporate resources from anywhere, on any device.

The company assures users that its firewalls and SMA 100 series products are not affected by the vulnerability.