Urgent Alert: Active Attacks Target Unpatched SonicWall Devices
Security experts are warning of a surge in active cyberattacks specifically targeting outdated and unpatched SonicWall SMA 100 series devices. These attacks exploit a vulnerability that has been known and patched for several years, yet many organizations seemingly still have exposed systems.
The core issue is a buffer overflow vulnerability identified as CVE-2021-20038. While SonicWall released patches for this critical flaw back in 2021, systems that were not updated remain exposed to significant risk. The affected devices include specific models within the SMA 200, 210, 400, 410, and 500v series that are still running older 9.x and 10.x firmware versions.
Attackers are actively scanning the internet for these vulnerable systems. Once a vulnerable device is found, they can exploit the flaw to gain unauthorized access. Reports indicate that attackers are deploying backdoors and other types of malware onto compromised systems. This unauthorized access can lead to data theft, further network intrusion, and potentially the deployment of ransomware, causing severe disruption and financial loss.
The danger is amplified because the vulnerability is old and well-understood by malicious actors. Systems left unpatched are essentially open doors for attackers seeking easy targets. The cybersecurity community, including organizations like CISA, issued warnings about this vulnerability when it was first discovered in 2021, urging immediate patching.
Organizations still using these older SonicWall SMA 100 series devices are strongly advised to take immediate action. The most critical step is to update firmware to the latest secure version provided by SonicWall without delay. If updating is not immediately feasible, the devices should be disconnected from the internet to prevent exploitation until they can be properly secured. Ignoring this warning leaves networks highly susceptible to potentially devastating attacks. Prioritizing security updates for internet-facing devices is paramount to defending against current and future threats.
Source: https://www.scworld.com/brief/attacks-involving-old-sonicwall-sma100-vulnerability-underway
