About CVE-2021-20034 – (SMA 100 series) Unauthenticated SMA100 arbitrary file delete vulnerability – 27th Sep 2021

Point of view: More than 20 years ago, the firewall function was independent, excluding the firewall policy service and vpn function.
The advantage is that when the firewall box is compromised. Nothing else will be found in the box by the attacker.
Over time, the trend of unified threat management has grown. From a technical point of view, it is a multifunctional service.
Maybe it’s hardening. But we can’t say that it is a state machine model (Bell-LaPadula model).

Having said that, the specific design responds to more and more technological developments in the world.
But it is hard to avoid vulnerability occurs due to design weakness.
This time an alert annouced by Sonicwall that an improper access control vulnerability in SMA100 allows a remote unauthenticated attacker to bypass the path traversal checks and delete an arbitrary file potentially resulting in a reboot to factory default settings. This defect can do a DoS attack.

One of the possibilities encounter this defect: Incorrect configuration of aliases may allow an attacker to read files stored outside the target folder. For more details, please refer to attached diagram.

Official announcement: Please refer to link – https://www.sonicwall.com/support/product-notification/security-notice-critical-arbitrary-file-delete-vulnerability-in-sonicwall-sma-100-series-appliances/210819124854603/

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.