"SonicWall Customers Warned of Possible Attacks Exploiting Recent Vulnerability"

Security researchers at Rapid7 have discovered that hackers have started targeting a recently patched vulnerability affecting SonicWall's Secure Mobile Access (SMA) 100 series appliances. The security flaw in question is CVE-2021-20038, a critical remote code execution vulnerability that SonicWall patched in December alongside several other issues impacting SMA 100 series products. CVE-2021-20038 is a stack-based buffer overflow that can allow attackers to take complete control of a device or virtual machine running an SMA appliance. The researchers stated that the attempts so far to exploit the flaw in the wild appear to be opportunistic, non-targeted in nature, and likely from unsophisticated attackers. The researchers also noted that the attacks have been unsuccessful so far. However, as the publicly available exploit and Rapid7's write-up show, the vulnerability is exploitable in a real-world scenario. The exploit detailed by Rapid7 requires around 250,000 requests. So far, the researchers have seen only handfuls of about 3 or 4 requests at a time. The researchers stated that in the worst-case scenario, exploiting the flaw would allow the attacker to gain remote access to the underlying VPN appliance, along with the internal network access that comes with it. SonicWall urges all organizations, regardless of the security products they use, to be consistent and thorough in their patching policy and execution. The United States, Japan, and Australia have issued warnings about the vulnerability.

 

SecurityWeek reports: "SonicWall Customers Warned of Possible Attacks Exploiting Recent Vulnerability"

Submitted by Anonymous on