Critical SonicWall VPN Bugs Allow Complete Appliance Takeover

Significant security vulnerabilities in SonicWall’s Secure Mobile Access (SMA) 100-series VPN appliances can allow an unauthorized, remote user to execute code as root.

The SMA 100 line was created to provide secure end-to-end access to corporate services, whether hosted on-prem, in the cloud or in integrated data centers. It also provides policy-enforced access control to applications after establishing user and device identity and trust.

There is also CVE-2021-20043, which has a CVSS score of 8.8. It is also a buffer overflow that allows root-level code execution, but it requires authentication to exploit. It is found in the getBookmarks function and is due to the unchecked use of strcat.
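The bug class described above, unchecked `strcat` into a fixed-size buffer, is closed by checking the remaining capacity before every append. The following is an added example, not SonicWall's code: `append_bounded` and `join_bookmarks` are hypothetical names, and the bookmark strings are constructed sample input.

```c
#include <stdio.h>
#include <string.h>

/* Append src to the NUL-terminated string in dst (capacity dst_size bytes).
 * Returns 0 on success, -1 if the result would not fit; dst is unchanged on
 * failure. This replaces the unchecked pattern: strcat(dst, src); */
int append_bounded(char *dst, size_t dst_size, const char *src)
{
    const char *end = memchr(dst, '\0', dst_size);
    if (end == NULL)                    /* dst is not terminated: refuse */
        return -1;
    size_t used = (size_t)(end - dst);
    size_t need = strlen(src);
    if (need >= dst_size - used)        /* no room for src plus the NUL */
        return -1;
    memcpy(dst + used, src, need + 1);  /* copies the terminator too */
    return 0;
}

/* Hypothetical stand-in for a routine that joins bookmark names into one
 * fixed-size buffer. Returns the number of names written, or -1 if any
 * append would overflow the buffer, so the caller can reject the request. */
int join_bookmarks(char *out, size_t out_size,
                   const char *const *names, size_t count)
{
    if (out_size == 0)
        return -1;
    out[0] = '\0';
    for (size_t i = 0; i < count; i++) {
        if (i > 0 && append_bounded(out, out_size, ",") != 0)
            return -1;
        if (append_bounded(out, out_size, names[i]) != 0)
            return -1;
    }
    return (int)count;
}

int main(void)
{
    /* Constructed sample input, not data from an appliance. */
    const char *ok[] = { "intranet", "mail" };
    const char *too_long[] = { "intranet", "a-bookmark-name-longer-than-the-buffer" };
    char buf[16];

    printf("ok: %d (%s)\n", join_bookmarks(buf, sizeof buf, ok, 2), buf);
    printf("too long: %d\n", join_bookmarks(buf, sizeof buf, too_long, 2));
    return 0;
}
```

With plain `strcat`, the second call would write past the end of `buf`; here it returns -1 and the buffer stays a valid, terminated string.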

Read More: Threatpost
