Information security specialists reported the detection of two severe vulnerabilities affecting SonicWall SMA 100. According to the report, successful exploitation of these flaws would allow threat actors to collect multiple user details.

Below are brief descriptions of the reported flaws, as well as their tracking keys and scores according to the Common Vulnerability Scoring System (CVSS).

CVE-2021-20049: The affected product’s password change API returns different responses for existing and non-existing users. Remote threat actors could exploit the flaw to enumerate usernames on the affected system.

This is a low severity vulnerability and received a CVSS score of 3.2/10.
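The class of flaw described for CVE-2021-20049 (a response that differs between existing and non-existing users) is shown below as an added example. It is not SonicWall code and does not reproduce the SMA 100 API; the handler names, status codes, messages and the sample account are hypothetical. The first handler leaks account existence, the second returns one generic failure and does the same hashing work in both cases.

```python
import hashlib
import hmac
import os

ITERATIONS = 50_000  # kept low so the example runs quickly; tune upward in production

def _hash(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)

def _record(password: str) -> dict:
    salt = os.urandom(16)
    return {"salt": salt, "hash": _hash(password, salt)}

# Constructed sample account store (hypothetical data, not from the advisory).
USERS = {"alice": _record("correct horse")}
# Dummy record: unknown usernames are checked against it so they cost the same work.
DUMMY = _record(os.urandom(16).hex())

GENERIC = (400, "Password change failed")

def change_password_vulnerable(user, old_pw, new_pw):
    """Status and body reveal whether the username exists."""
    rec = USERS.get(user)
    if rec is None:
        return (404, "Unknown user")
    if not hmac.compare_digest(_hash(old_pw, rec["salt"]), rec["hash"]):
        return (401, "Wrong current password")
    USERS[user] = _record(new_pw)
    return (200, "Password changed")

def change_password_hardened(user, old_pw, new_pw):
    """Unknown user and wrong password are indistinguishable to the caller."""
    rec = USERS.get(user)
    target = rec if rec is not None else DUMMY
    ok = hmac.compare_digest(_hash(old_pw, target["salt"]), target["hash"])
    if rec is None or not ok:
        return GENERIC
    USERS[user] = _record(new_pw)
    return (200, "Password changed")
```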

CVE-2021-20050: Improper access restrictions on multiple management APIs would allow remote non-authenticated hackers to obtain configuration metadata.

This is a medium severity vulnerability and received a CVSS score of 4.6/10.

According to the report, these flaws reside in the following SonicWall SMA 100 versions: 10.2.0.2-20sv, 10.2.0.3-24sv, 10.2.0.5-d-29sv, 10.2.0.6-31sv, 10.2.0.7-34sv, 10.2.0.8-37sv, 10.2.1.0-17sv, 10.2.1.1-19sv & 10.2.1.2-24sv.

The reported vulnerabilities can be exploited by remote non-authenticated attackers via the Internet, but information security specialists have detected no active exploitation attempts. Still, experts recommend applying the official patches to prevent any exploitation risk.

The post Two severe vulnerabilities in SonicWall SMA 100: Patch ASAP appeared first on Information Security Newspaper | Hacking News.
