SonicWall warns customers about zero-day vulnerabilities



Firewall and network security appliance manufacturer SonicWall is urging customers to take preventive actions after its own systems were attacked through previously unknown vulnerabilities in some of its products. “Recently, SonicWall identified a coordinated attack on its internal systems by highly sophisticated threat actors exploiting probable zero-day vulnerabilities on certain SonicWall secure remote access products,” the company said in an alert on its website late Friday.

Initially, the company suspected that several of its Secure Mobile Access (SMA) series physical and virtual appliances, as well as the NetExtender VPN client and SonicWall firewalls, were vulnerable. However, after further investigation, the list of vulnerable products was revised Saturday.

The company determined that no generation of SonicWall firewalls is impacted, and neither are the NetExtender VPN client, SonicWall SonicWave APs or the SMA 1000 Series. The only products that remain vulnerable are the SMA 100 series appliances, which include SMA 200, SMA 210, SMA 400, SMA 410 and SMA 500v (virtual).

The SMA 100 series appliances are access management gateways for small and medium-sized businesses. They let a company give remote employees browser-based and VPN-based access to its internal resources, or even to hybrid resources hosted in the cloud. They can be combined with a VPN client such as NetExtender.

“Current SMA 100 Series customers may continue to use NetExtender for remote access with the SMA 100 series,” the company said. “We have determined that this use case is not susceptible to exploitation.”

SMA 100 Series customers urged to take action

However, users of SMA 100 Series appliances running version 10.x of the software are strongly advised to disable access to the Virtual Office and the HTTPS administrative interface from the internet while the vulnerabilities are being investigated. If that’s not practical, customers should at least enforce IP-based access rules. This can be achieved either through a firewall or from the SMA itself following the company’s instructions.

Copyright © 2021 IDG Communications, Inc.

