Significant security vulnerabilities in SonicWall’s Secure Mobile Access (SMA) 100-series VPN tools can allow an unauthorized, remote user to execute code as root.
The SMA 100 line was created to provide secure end-to-end access to corporate services, whether hosted on-premises, in the cloud or in integrated data centers. It also provides policy-enforced access control to applications after establishing user and device identity and trust.
There is also CVE-2021-20043, which has a CVSS score of 8.8. It is also a buffer overflow that allows root-level code execution, but it requires authentication to exploit. It is found in the getBookmarks function and is due to the unchecked use of strcat.
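The bug class named above, unchecked strcat into a fixed-size buffer, is avoided by checking the remaining capacity before every append. The following is an added example, not SonicWall code; the names checked_append and build_bookmark_list and the "name;" list format are hypothetical.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Unchecked pattern (the bug class): strcat(out, name) writes past the end
 * of out as soon as the combined length exceeds the buffer's capacity. */

/* Hypothetical helper: append src to the NUL-terminated string in dst
 * (capacity cap bytes) only if the result, including the NUL, fits.
 * Returns 0 on success, -1 on rejection; dst is unchanged on rejection. */
int checked_append(char *dst, size_t cap, const char *src)
{
    const char *end;
    size_t used, need;

    if (dst == NULL || src == NULL || cap == 0)
        return -1;
    end = memchr(dst, '\0', cap);      /* never scan beyond the buffer */
    if (end == NULL)
        return -1;                     /* dst is not terminated within cap */
    used = (size_t)(end - dst);
    need = strlen(src);
    if (need >= cap - used)
        return -1;                     /* no room for src plus the NUL */
    memcpy(dst + used, src, need + 1);
    return 0;
}

/* Hypothetical caller: join n names as "a;b;" into out. Returns n, or -1 if
 * an entry does not fit; a partially written entry is rolled back. */
int build_bookmark_list(char *out, size_t cap, const char *const *names, size_t n)
{
    size_t i;

    if (out == NULL || cap == 0)
        return -1;
    out[0] = '\0';
    for (i = 0; i < n; i++) {
        size_t mark = strlen(out);     /* length before this entry */
        if (checked_append(out, cap, names[i]) != 0 ||
            checked_append(out, cap, ";") != 0) {
            out[mark] = '\0';          /* drop the partial entry */
            return -1;
        }
    }
    return (int)n;
}
```
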
Read More: Threatpost