Security Experts:

Connect with us

Hi, what are you looking for?



Serious Vulnerabilities Expose SonicWall SMA Appliances to Remote Attacks

Several serious vulnerabilities have been found by a researcher in Secure Mobile Access (SMA) and Secure Remote Access (SRA) appliances made by SonicWall. The vendor has released software updates that patch the flaws.

Several serious vulnerabilities have been found by a researcher in Secure Mobile Access (SMA) and Secure Remote Access (SRA) appliances made by SonicWall. The vendor has released software updates that patch the flaws.

Researchers last year discovered that enterprise VPN products from Pulse Secure, Fortinet and Palo Alto Networks are affected by severe vulnerabilities that can be exploited remotely without authentication. While the impacted vendors quickly released patches, many systems are still vulnerable and malicious actors, including state-sponsored groups, have been exploiting the flaws in their campaigns.

After these vulnerabilities were disclosed, Alain Mowat of Swiss cybersecurity company SCRT decided to analyze other enterprise VPN products to see if they contain similar vulnerabilities.

He analyzed the SRA and SMA products from SonicWall and identified a total of six vulnerabilities, including ones that can be exploited remotely without authentication.

SonicWall last month published an advisory to inform customers that its SSL-VPN products are not affected by one of the Palo Alto Networks flaws identified last year. However, Mowat discovered that the company’s SMA 100 series and SRA appliances are affected by other vulnerabilities.Vulnerabilities found in SonicWall SMA appliances

According to SonicWall, its SMA appliance “provides granular access control policy engine, context-aware device authorization, application-level VPN and advanced authentication with single sign-on that protects the corporate network against such malicious requests involving exploitable parameters/format strings aimed at gaining unauthorized access.”

Mowat discovered that these devices contain three vulnerabilities that can be exploited remotely without authentication. The most serious of them is CVE-2019-7482, a critical stack buffer overflow that can be exploited to execute arbitrary code.

The high-severity weaknesses identified by the researcher include an unauthenticated path traversal that allows an attacker to test for the presence of a file on a system (CVE-2019-7483) and a SQL injection flaw that allows an unauthenticated hacker to gain read-only access to unauthorized resources (CVE-2019-7481).

Two other security holes have been classified high severity. They both allow arbitrary code execution, but they can only be exploited by an authenticated attacker. The last vulnerability is an authenticated SQL injection issue that has been rated medium severity.

SonicWall published advisories in December 2019 for each of the vulnerabilities found by Mowat, but the advisories only mention SMA devices. SRA appliances are listed as legacy on the company’s website. SonicWall SMA100 and patch the vulnerabilities identified by the researcher.

Mowat recently published a blog post describing his findings, but the researcher has not released any PoC exploits as he discovered that there are still many internet-exposed SonicWall devices that have yet to be patched.

Related: Critical Industries at Risk from Eleven Zero-day Flaws in Real Time Operating System

Related: Pulse Secure VPN Vulnerability Still Widely Exploited, CISA Warns

Related: NSA: Multiple State-Sponsored APTs Exploiting Enterprise VPN Flaws

Written By

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join this webinar to learn best practices that organizations can use to improve both their resilience to new threats and their response times to incidents.


Join this live webinar as we explore the potential security threats that can arise when third parties are granted access to a sensitive data or systems.


Expert Insights

Related Content


Less than a week after announcing that it would suspended service indefinitely due to a conflict with an (at the time) unnamed security researcher...

Risk Management

The supply chain threat is directly linked to attack surface management, but the supply chain must be known and understood before it can be...


Apple has released updates for macOS, iOS and Safari and they all include a WebKit patch for a zero-day vulnerability tracked as CVE-2023-23529.

Application Security

Drupal released updates that resolve four vulnerabilities in Drupal core and three plugins.

Cloud Security

VMware vRealize Log Insight vulnerability allows an unauthenticated attacker to take full control of a target system.

IoT Security

Lexmark warns of a remote code execution (RCE) vulnerability impacting over 120 printer models, for which PoC code has been published.

Application Security

A CSRF vulnerability in the source control management (SCM) service Kudu could be exploited to achieve remote code execution in multiple Azure services.


GoAnywhere MFT users warned about a zero-day remote code injection exploit that can be targeted directly from the internet