SonicWall SMA 100 Series Authenticated Arbitrary File Upload Vulnerability

Vulnerability

An authenticated arbitrary file upload vulnerability has been identified in the web management interface of the SMA 100 series. It affects the SMA 210, 410, and 500v models running versions through 10.2.1.15-81sv. A remote attacker with administrative privileges can use the web management interface to upload arbitrary files to the system, which could potentially be exploited to execute code remotely on the affected system.

Impact

Exploitation of this vulnerability could lead to unauthorized file uploads, with the potential for remote code execution on the affected system.

Remediation

Users of the SMA 100 series products should upgrade to version 10.2.2.1-90sv or higher. For organizations using the SMA 500v virtual product, it is recommended to back up the OVA file and export the configuration, remove the existing virtual machine, reinstall the latest clean OVA, and restore the configuration. Additionally, all SMA 100 series appliance users should disable remote management access on the external-facing interface, enable multifactor authentication, and enable the Web Application Firewall (WAF) on the SMA 100.
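As an added example (not code from SonicWall or from this page), the following Python triages an appliance inventory against the two version bounds stated above. The hostnames, model labels and sample firmware strings are constructed, and the parser assumes firmware versions follow the N.N.N.N-NNsv pattern seen in this advisory.

```python
import re

LAST_AFFECTED = "10.2.1.15-81sv"  # "versions through" bound from the advisory
FIRST_FIXED = "10.2.2.1-90sv"     # "upgrade to ... or higher" bound from the advisory
AFFECTED_MODELS = {"SMA 210", "SMA 410", "SMA 500v"}  # labels assumed for the inventory
_VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)\.(\d+)-(\d+)sv$")


def parse_version(text):
    """Return the version as a tuple of ints, so 10.2.1.9 sorts below 10.2.1.15."""
    match = _VERSION_RE.match(text.strip())
    if match is None:
        raise ValueError(f"unrecognised firmware version: {text!r}")
    return tuple(int(part) for part in match.groups())


def triage(model, version):
    """Classify one appliance: not-in-scope, affected, upgrade, fixed or unparsed."""
    if model not in AFFECTED_MODELS:
        return "not-in-scope"
    try:
        current = parse_version(version)
    except ValueError:
        return "unparsed"  # never treat an unreadable version as safe
    if current <= parse_version(LAST_AFFECTED):
        return "affected"
    if current < parse_version(FIRST_FIXED):
        return "upgrade"  # between the bounds the advisory is silent, so upgrade
    return "fixed"


# Constructed inventory rows (hostname, model, firmware); not real devices or releases.
SAMPLE_INVENTORY = [
    ("vpn-edge-01", "SMA 410", "10.2.1.15-81sv"),
    ("vpn-edge-02", "SMA 210", "10.2.1.9-57sv"),
    ("vpn-lab-01", "SMA 500v", "10.2.2.1-90sv"),
    ("vpn-lab-02", "SMA 500v", "10.2.2.0-10sv"),
    ("vpn-old-01", "SMA 410", "unknown"),
]


def triage_inventory(rows):
    return {host: triage(model, version) for host, model, version in rows}


if __name__ == "__main__":
    for host, status in triage_inventory(SAMPLE_INVENTORY).items():
        print(f"{host}: {status}")
```

Appliances reported as "affected", "upgrade" or "unparsed" all need follow-up; only "fixed" meets the remediation target.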

Added: Jul 23, 2025, 2:20 PM
Updated: Jul 23, 2025, 2:20 PM

Vulnerability Rating

Custom Algorithm
Spread: 0.0
Impact: 7.5
Exploitability: 4.8
Remediation: 7.7
Relevance: 0.3
Threat: 0.0
Urgency: 2.9
Incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.