
SonicWall, a network security solutions provider, is alerting users to a critical vulnerability, rated 9.8 out of 10, that affects its widely used unified, secure access gateways from the SMA 1000 series. Hackers are already exploiting the flaw.
The SMA1000 Appliance Management Console (AMC) and Central Management Console (CMC) are affected by the “pre-authentication deserialization of untrusted data vulnerability.” It enables remote, unauthenticated attackers to execute arbitrary OS commands under specific conditions. This could lead to unauthorized access and data breaches.
Software versions 12.4.3-02854 and higher fix the issue, which was reported to the firm by the Microsoft Threat Intelligence Center.
As a workaround to minimize potential impact, users can restrict AMC and CMC access to trusted sources.
“SonicWall PSIRT has been notified of possible active exploitation of the referenced vulnerability by threat actors. We strongly advise users of the SMA1000 product to upgrade to the hotfix release version to address the vulnerability,” the firm stated in the advisory.
Secure mobile access (SMA) 1000 devices enable companies and employees to access corporate resources from anywhere, on any device.
The company assures users that its firewalls and SMA 100 series products are not affected by the vulnerability.