Rapid7 Vulnerability & Exploit Database

SonicWall SMA 100: CVE-2021-20045: Multiple SMA 100 Unauthenticated File Explorer Heap-based and Stack-based Buffer Overflows


Severity: 7
CVSS: (AV:N/AC:L/Au:N/C:P/I:P/A:P)
Published: 12/07/2021
Created: 12/08/2021
Added: 12/07/2021
Modified: 12/07/2021

Description

A critical severity vulnerability (CVSS 9.4) in SMA 100 appliances, which include SMA 200, 210, 400, 410 and 500v, could allow a remote unauthenticated attacker to cause heap-based and stack-based buffer overflows and would result in code execution as the nobody user on the SMA100 appliance. SMA100 appliances with WAF licensed/enabled were observed to be impacted by this vulnerability as well. Exploitation potentially leads to code execution. The vulnerability is due to the sonicfiles RAC_COPY_TO (RacNumber 36) method, which allows users to upload files to an SMB share and can be called without any authentication. RacNumber 36 of the sonicfiles API maps to the upload_file Python method, which is associated with the filexplorer binary, a custom program written in C++ that is vulnerable to a number of memory safety issues.

Solution(s)

  • sonicwall-sma-100-upgrade-10.2.0.9-41sv
  • sonicwall-sma-100-upgrade-10.2.1.3-27sv
