Threat actors are actively exploiting a critical vulnerability, CVE-2021-20038, in SonicWall Secure Mobile Access (SMA) gateways. Update immediately

Cybersecurity specialists report that hacking groups are actively exploiting CVE-2021-20038, a severe vulnerability in SonicWall Secure Mobile Access (SMA) gateways, fixed in late 2021. The flaw was described as an unauthenticated stack-based buffer overflow residing in the SMA 100 Series devices (including SMA 200, 210, 400, 410 and 500v).

Threat actors can exploit the flaw for remote code execution (RCE) as the “nobody” user on compromised SonicWall devices. A few weeks ago, the company asked customers using SMA 100 Series devices to apply security patches containing the necessary fixes to prevent the exploitation of some recently reported flaws.

According to the report, the most severe flaws are two stack-based buffer overflow errors tracked as CVE-2021-20038 and CVE-2021-20045; threat actors could exploit these flaws to execute code as the “nobody” user on the affected systems.

The flaws were actively exploited before SonicWall could address them, so it’s critical that users apply the patches.

Specialists also warned about some password spraying attacks in which cybercriminals try to access devices that use default passwords. The good news is that the attacks detected so far do not appear to be the result of a massive campaign, so it is believed that these are only isolated incidents.

To learn more about information security risks, malware variants, vulnerabilities and information technologies, feel free to access the International Institute of Cyber Security (IICS) websites.