Remote code execution vulnerability present in SonicWall SMA 100 series appliances

Australian Cyber Security Centre

Background /What has happened?

A vulnerability (CVE-2021-20038) has been identified in SonicWall SMA 100 series appliances. Exploitation of this vulnerability could allow an unauthenticated cyber actor to perform remote code execution. A cyber actor would then be able to install malware or otherwise control the affected device.

SonicWall SMA 100 series appliances provide end-to-end secure remote access to corporate resources hosted across on-premise, cloud and hybrid data centres.

/Public Release. View in full here.