3 critical vulnerabilities in SonicWall SMA 1000 SSLVPN affect over 500k companies

In a security alert, SonicWall has strongly urged its customers to address some security flaws in its Secure Mobile Access (SMA) Series 1000 products, as their successful exploitation would allow threat actors to fully compromise vulnerable devices.

The most severe vulnerability, tracked as CVE-2022-22282, was described as an unauthenticated access control evasion, while two minor security flaws were described as encrypted cryptographic key flaws and an open redirect; these flaws do not yet receive CVE tracking keys.

The company adds that, at the moment, there are no known workarounds for the vulnerability, so users of affected deployments are advised to update as soon as possible. SonicWall also mentions that no active exploitation attempts have been detected, so it’s still a good time to install official updates.

Flaws reside in the SMA Series 1000 6200, 6210, 7200, 7210 and 8000v (ESX, KVM, Hyper-V, AWS, Azure) models. SonicWall mentions that SMA Series 1000 products with versions earlier than 12.4.0 are not affected.

As mentioned above, CVE-2022-22282 is the most serious of the reported errors, as a successful attack would allow access control to be evaded and access to internal resources. This bug received a score of 8.2 according to the Common Vulnerability Scoring System (CVSS) and can be exploited remotely and without interaction from the target user.

On the other hand, encrypted cryptographic key error can also result in complex attacks: “The use of a cryptographic key increases the possibility of recovering encrypted data in the system,” reports the MITRE CWE database.

SMA Series 1000 VPN devices are used to protect remote connections on corporate networks, so it is highly likely that hacking groups will attempt to exploit these flaws. Previously, these devices have been the target of dangerous attacks; Months ago, a wave of HelloKitty ransomware attacks impacted SMA 100 versions by exploiting a zero-day vulnerability.

More than 500,000 commercial customers from 215 countries and territories around the world use SonicWall products, so the scope of exploitation is considerable.

To learn more about information security risks, malware variants, vulnerabilities and information technologies, feel free to access the International Institute of Cyber Security (IICS) websites.