I. Overview

SonicWall disclosed a remote code execution vulnerability (CVE-2021-20032) in SonicWall Analytics. SonicWall Analytics 2.5 On-Prem is vulnerable to the Java Debug Wire Protocol (JDWP) interface security misconfiguration vulnerability. Attackers can exploit this vulnerability to remotely execute code without authentication.

SonicWall Analytics is a powerful intelligence-driven analytic service. If you are a SonicWall Analytics user, check your system and implement timely security hardening.

Reference: https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0018

II. Severity

Severity: important

(Severity: low, moderate, important, and critical)

III. Affected Products

Affected versions:

SonicWall Analytics On-Prem 2.5.2518 and earlier

Secure versions:

SonicWall Analytics on-prem 2.5.2519 and later

IV. Security Recommendations

This vulnerability has been fixed in later official versions. If your service version falls into the affected range, upgrade it to a latest secure version.

Download address: https://mysonicwall.com/muir/login

Until the below patch can be applied, SonicWall strongly recommends that administrators block access to 9000/TCP port on affected versions.

Note: Before fixing vulnerabilities, back up your files and conduct a thorough test.