TTCSIRT-389.02.04.21: TTCSIRT ADVISORY- SMA 100 SERIES 10.X FIRMWARE ZERO-DAY VULNERABILITY
Please be advised that SonicWall is announcing the availability of an SMA 100 series firmware 10.2.0.5-29sv update to patch a zero-day vulnerability on SMA 100 series 10.x code. All SMA 100 series users must apply this patch IMMEDIATELY to avoid potential exploitation.
Affected SMA 100 Devices with 10.x Firmware that Require the Critical Patch:
- Physical Appliances: SMA 200, SMA 210, SMA 400, SMA 410
- Virtual Appliances: SMA 500v (Azure, AWS, ESXi, HyperV)
Upgrade Recommended Steps
Due to the potential credential exposure in SNWLID-2021-0001, all customers using SMA 10.x firmware should immediately follow the following procedures:
- Upgrade to SMA 10.2.0.5-29sv firmware, available from www.mysonicwall.com.
- This firmware is available for everybody, regardless of the status of their support/service contract.
- Instructions on how to update the SMA 100 10.x series firmware can be found in this KB article for physical appliances and this KB article for virtual devices.
- Reset the passwords for any users who may have logged in to the device via the web interface.
- Enable multifactor authentication (MFA) as a safety measure.
- MFA has an invaluable safeguard against credential theft and is a key measure of good security posture.
- MFA is effective whether it is enabled on the appliance directly or on the directory service in your organization.
For more insight on this vulnerability and to be aware of the current mitigation instructions please follow the link below:
The Trinidad and Tobago Cyber Security Incident Response Team (TTCSIRT) encourages users and administrators to review and apply the necessary updates.