| This Multi-State Information Sharing and Analysis Center (MS-ISAC) Advisory is being provided to assist agencies and organizations in guarding against the persistent malicious actions of cybercriminals. |
| A vulnerability has been discovered in SonicWall Secure Mobile Access (SMA) 100 Management Interface, which could allow for remote code execution. SonicWall Secure Mobile Access (SMA) is a unified secure access gateway used by organizations to provide employees access to applications from anywhere. Successful exploitation of this vulnerability could allow for remote code execution. |
| Threat Intelligence According to SonicWall on April 15, this vulnerability is believed to be actively exploited in the wild. As a precautionary measure, SonicWall PSIRT has upgraded the CVSS score from medium to high severity (7.2). |
| Systems Affected |
| SMA 200 SMA 210 SMA 400 SMA 410 SMA 500v (ESX, KVM, AWS, Azure) Versions 10.2.1.0-17sv and earlier Versions 10.2.0.7-34sv and earlier Versions 9.0.0.10-28sv and earlier |
| Risk Government: – Large and medium government entities: High – Small government entities: Medium |
| Businesses: – Large and medium business entities: High – Small business entities: Medium |
| Home Users: Low |
| Recommendations |
| Apply appropriate updates provided by SonicWall to vulnerable systems immediately after appropriate testing. Apply the Principle of Least Privilege to all systems and services. Run all software as a non-privileged user (one without administrative privileges) to diminish the effects of a successful attack. Use vulnerability scanning to find potentially exploitable software vulnerabilities to remediate them. Architect sections of the network to isolate critical systems, functions, or resources. Use physical and logical segmentation to prevent access to potentially sensitive systems and information. Use a DMZ to contain any internet-facing services that should not be exposed from the internal network. Configure separate virtual private cloud (VPC) instances to isolate critical cloud systems. Use capabilities to detect and block conditions that may lead to or be indicative of a software exploit occurring. |