SonicWall SMA 100 Unintended proxy (CVE-2021-20042)
Description
SonicWall SMA 100 series appliances are affected by an unintended proxy vulnerability (CVE-2021-20042) that allows unauthenticated remote attackers to bypass network segmentation controls. Attackers can leverage the vulnerable appliance as a proxy to access and interact with internal network resources that should not be accessible from external networks, effectively using the SMA device as a bridge into the protected network perimeter.
Remediation
Take the following steps to remediate this vulnerability:
1. Immediately upgrade all SonicWall SMA 100 series appliances to the latest patched firmware version available from SonicWall's support portal (mySonicWall)
2. Review access logs for any suspicious proxy activity or unexpected outbound connections that may indicate exploitation attempts
3. Implement network segmentation to limit the SMA appliance's access to only necessary internal resources
4. Apply firewall rules to restrict outbound connections from the SMA device to only required destinations
5. Monitor for indicators of compromise including unusual DNS queries (particularly to suspicious domains like .bxss.me) and unexpected internal network traffic patterns
Consult SonicWall's security advisory for specific patched versions applicable to your SMA model and firmware branch.
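The log review in steps 2 and 5, checked against the destination restriction from step 4, as an added example that is not part of the original advisory and is not SonicWall tooling. The appliance address, the allowlisted subnet and the one-record-per-line log layout are assumptions, and the sample records are constructed.

```python
import ipaddress

# Assumptions, not taken from the advisory: appliance address, allowlist, log layout.
SMA_IP = "10.0.5.10"
ALLOWED_DESTS = [ipaddress.ip_network("10.0.20.0/28")]  # resources the SMA may reach
SUSPICIOUS_SUFFIXES = (".bxss.me",)  # domain named in remediation step 5

# Constructed sample records in a hypothetical layout: "timestamp kind source target"
SAMPLE_LOG = """\
2024-01-10T09:00:01Z dns 10.0.5.10 updates.example.com
2024-01-10T09:00:07Z dns 10.0.5.10 a1b2c3.bxss.me.
2024-01-10T09:00:09Z flow 10.0.5.10 10.0.20.5:443
2024-01-10T09:00:12Z flow 10.0.5.10 10.0.99.14:8080
2024-01-10T09:00:15Z dns 10.0.7.33 x.bxss.me
truncated record
"""

def is_suspicious_name(name):
    """Suffix match on label boundaries, case-insensitive, ignoring a trailing root dot."""
    normalized = "." + name.lower().rstrip(".")
    return any(normalized.endswith(suffix) for suffix in SUSPICIOUS_SUFFIXES)

def is_allowed_dest(target):
    """True only when target ("ip:port") parses and falls inside the allowlist."""
    host = target.rsplit(":", 1)[0]
    try:
        addr = ipaddress.ip_address(host)
    except ValueError:
        return False  # unparseable destination is surfaced for review
    return any(addr in net for net in ALLOWED_DESTS)

def find_alerts(log_text, sma_ip=SMA_IP):
    """Return (timestamp, reason, target) for records originated by the appliance."""
    alerts = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4 or parts[2] != sma_ip:
            continue  # malformed record, or traffic from a different host
        ts, kind, _, target = parts
        if kind == "dns" and is_suspicious_name(target):
            alerts.append((ts, "suspicious-dns", target))
        elif kind == "flow" and not is_allowed_dest(target):
            alerts.append((ts, "unexpected-destination", target))
    return alerts

if __name__ == "__main__":
    for alert in find_alerts(SAMPLE_LOG):
        print(*alert)
```

Matching on the dot-prefixed suffix keeps look-alike names such as `notbxss.me` from raising an alert while still catching the bare domain and any subdomain.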