SonicWall identified a coordinated attack on its internal systems by highly sophisticated threat actors exploiting zero-day vulnerabilities on certain SonicWall secure remote access products.
At this point, both the SMA 100 and the NetExtender VPN Client are considered affected. Investigation of the incident is still ongoing.
Vulnerability details
Advisory: SB2021012401 - SQL injection in SonicWall SMA100
Vulnerable component: SMA 100
CVE-ID: CVE-2021-20016
CVSSv3 score: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H/RL:O/RC:C
CWE-ID: CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Description:
The vulnerability allows a remote attacker to execute arbitrary SQL queries in the database.
The vulnerability exists due to insufficient sanitization of user-supplied data. A remote non-authenticated attacker can send a specially crafted HTTP request to the SSL-VPN appliance and execute arbitrary SQL commands within the application database.
Successful exploitation of this vulnerability may allow a remote attacker to access usernames, passwords and other session-related information.
Note: the vulnerability is being actively exploited in the wild.
External links:
https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0001
https://www.sonicwall.com/support/product-notification/urgent-security-notice-netextender-vpn-client-10-x-sma-100-series-vulnerability-updated-jan-23-2021/210122173415410/