SonicWall has released a new firmware update for SMA 100 Series 10.X And 9.X products. The latest update supersedes previous urgent patches that fixed a zero-day vulnerability CVE-2021-20016 earlier this month.
According to the new advisory, SonicWall conducted “additional reviews to further strengthen the code for the SMA 100 series product line.”
As a result, the SMA 10.2 firmware update includes the following fixes:
- Code-hardening fixes identified during an internal code audit
- Rollup of customer issue fixes not included in the Feb. 3 patch
- General performance enhancements
- Previous SMA 100 series zero-day fixes posted on Feb. 3.
“All organizations using SMA 100 series products with 10.x or 9.x firmware should apply the respective patches IMMEDIATELY,” SonicWall wrote in the advisory.
The previously released February 3 patch addressed a zero-day vulnerability CVE-2021-20016 that could result in improper SQL command neutralization in the SonicWall SSLVPN SMA100 product. As a result, an unauthenticated attacker could exploit the vulnerability to gain credential access.
On January 22, 2021, SonicWall first spotted a “coordinated attack on its internal systems by highly sophisticated threat actors.” The security firm attributed the attacks to likely exploitation of SonicWall zero-day vulnerabilities.
- Urgent patch for SonicWall SMA 100 Series zero-day vulnerability (CVE-2021-20016)
- Cyber attackers exploit Accellion FTA 0-day vulnerabilities to steal data
- New Mirai, Gafgyt IoT botnet variants target systems with Apache Struts, SonicWall vulnerability exploits
- Ttint IoT botnet exploits 2 zero-days to spread RAT