Latest SonicWall vulnerabilities: SMA100 Series #

SonicWall has issued an advisory for its SMA100 Series appliances. 

What is the impact? #

When chained together, the vulnerabilities could allow a remote authenticated attacker to bypass system checks leading to potential remote code execution. It does not affect SonicWall Firewall or SMA 1000 series appliances.

Are updates or workarounds available? #

The vendor advises users to update to platform-hotfix (10.2.1.15-81sv or later) as soon as possible. The vendor also advises its customers to configure multifactor authentication (MFA) and enable WAF on the appliance.

How to find potentially vulnerable systems with runZero #

From the Service Inventory, use the following query to locate systems running potentially vulnerable firmware:

hw:"SonicWall SMA100" OR (_asset.protocol:http AND http.head.server:="SonicWALL SSL-VPN Web Server")

January 2025: SMA1000 Series #

SonicWall has issued an advisory for its SMA1000 Series appliances. The vendor reported that this vulnerability may be actively exploited in the wild.

This vulnerability has been designated CVE-2025-23006 and has been assigned a CVSS score of 9.8 (critical).

What is the impact? #

The vulnerability would allow for a remote unauthenticated attacker to execute arbitrary operating system commands. The vulnerability was discovered within the SMA1000 Appliance Management Console (AMC) and Central Management Console (CMC). It does not affect SonicWall Firewall or SMA 100 series appliances.

Are updates or workarounds available? #

The vendor advises users to update to platform-hotfix (12.4.3-02854 or later) as soon as possible. The vendor also advises its customers to follow the steps outlined in the Best Practices section of the SMA1000 Administration Guide. Access to the console should also be restricted to trusted networks.

How to find potentially vulnerable systems with runZero #

From the Service Inventory, use the following query to locate systems running potentially vulnerable firmware:

hw:"SonicWall SMA1000" OR _asset.protocol:http (last.html.title:="Appliance Management Console Login" OR last.html.title:="Central Management Console Login" OR http.head.server:="SMA/%" OR (favicon.ico.image.mmh3:"16866410" AND (last.html.title:"WorkPlace" OR html.title:"WorkPlace")))

September 2024: SonicOS and SSLVPN #

SonicWall disclosed a vulnerability that affects SonicOS management access and SSLVPN software on SonicWall Gen 5, Gen 6, in addition to Gen 7 devices running SonicOS version 7.0.1-5035 or earlier.

CVE-2024-40766 is rated critical with CVSS score of 9.3, and potentially allows for unauthorized resource access by an attacker.

What is the impact? #

Successful exploitation of this vulnerability potentially results in unauthorized resource access and in some cases could lead to a DoS after causing vulnerable devices to crash.

Are updates or workarounds available? #

SonicWall recommends restricting management access to trusted sources or disabling WAN management from the public Internet. Additionally, SonicWall has released updated firmware which is available for download from mysonicwall.com.

How to find potentially vulnerable systems with runZero #

From the Asset Inventory, use the following query to locate systems running potentially vulnerable software:

hw:"SonicWall"

Written by runZero Team

Great research and development is a team effort! Multiple runZero team members collaborated on this post. Go team!

More about runZero Team
Subscribe Now

Get the latest news and expert insights delivered in your inbox.

Welcome to the club! Your subscription to our newsletter is successful.

See Results in Minutes

See & secure your total attack surface. Even the unknowns & unmanageable.

Discover the new era of exposure management!