SonicWall is announcing the availability of an SMA 100 series firmware 10.2.0.5-29sv update to patch a zero-day vulnerability on SMA 100 series 10.x code. All SMA 100 series users must apply this patch IMMEDIATELY to avoid potential exploitation.
Affected SMA 100 Devices with 10.x Firmware that Require the Critical Patch:
- Physical Appliances: SMA 200, SMA 210, SMA 400, SMA 410
- Virtual Appliances: SMA 500v (Azure, AWS, ESXi, HyperV)
Please read this notice in its entirety as it contains important details for post-upgrade steps.
The patch addresses vulnerabilities reported to SonicWall by the NCC Group on Jan. 31 and Feb. 2, tracked under PSIRT Advisory ID SNWLID-2021-0001. These include an exploit to gain admin credential access and a subsequent remote-code execution attack.