Skip to main content

Remote code execution vulnerability present in SonicWall SMA 100 series appliances

A vulnerability (CVE-2021-20038) has been identified in SonicWall SMA 100 series appliances. Exploitation of this vulnerability could allow an unauthenticated malicious cyber actor to perform remote code execution. Affected Australian organisations should apply the available patch.

Alert status
HIGH

Background /What has happened?

A vulnerability (CVE-2021-20038) has been identified in SonicWall SMA 100 series appliances. Exploitation of this vulnerability could allow an unauthenticated cyber actor to perform remote code execution. A cyber actor would then be able to install malware or otherwise control the affected device.

SonicWall SMA 100 series appliances provide end-to-end secure remote access to corporate resources hosted across on-premise, cloud and hybrid data centres.

Further information on this vulnerability is available in the SonicWall security advisory.

Mitigation / How do I stay secure?

Australian organisations who use Sonic Wall SMA 100 series appliances should review their patch status and update to the latest version. SonicWall have released a security advisory listing specific vulnerable products and versions.

Assistance / Where can I go for help?

The ACSC is monitoring the situation and can provide assistance and advice as required. Organisations that have been impacted or require assistance can contact the ACSC via 1300 CYBER1.

Was this information helpful?
Was this information helpful?

Thanks for your feedback!

 
Optional

Tell us why this information was helpful and we’ll work on making more pages like it