Security Experts:

Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Cybercrime

SonicWall Says ‘a Few Thousand Devices’ Impacted by Zero-Day Vulnerability

SonicWall on Monday confirmed that its Secure Mobile Access (SMA) 100 series appliances are affected by a zero-day vulnerability that has apparently already been exploited in attacks.

SonicWall on Monday confirmed that its Secure Mobile Access (SMA) 100 series appliances are affected by a zero-day vulnerability that has apparently already been exploited in attacks.

SonicWall told SecurityWeek that a few thousand devices are exposed to attacks due to the zero-day vulnerability. The cybersecurity solutions provider says it’s working on developing patches and, in the meantime, it has shared some recommendations on how customers can protect their networks against potential attacks.

The company revealed on January 22 that it had identified a “coordinated attack on its internal systems” that was apparently launched by a highly sophisticated threat group that may have exploited zero-day vulnerabilities in some of the company’s secure remote access products.

SonicWall initially said its NetExtender VPN client and SMA 100 series products may be impacted, but it later determined that the NetExtender VPN client, SonicWall firewalls, SMA 1000 series devices, and SonicWave APs are not affected.

Only SMA 100 series devices remained under investigation, but an update shared on January 29 said the company could still not confirm the existence of a zero-day vulnerability affecting these products.

On Sunday, January 31, however, cybersecurity firm NCC Group reported discovering a possible candidate for the vulnerability, for which the company had seen “indiscriminate” attempts to exploit in the wild.

Following NCC’s report, SonicWall on Monday confirmed the existence of a zero-day flaw affecting SMA 100 series 10.x physical and virtual devices, specifically SMA 200, SMA 210, SMA 400, SMA 410 and SMA 500v. The vendor said firewalls, 1000 series appliances and VPN clients do not appear to be affected, and neither are SMA 100 series devices running a firmware version prior to 10.x. A CVE identifier has yet to be assigned for this vulnerability.

SonicWall hopes to release a patch by the end of the day on February 2. In the meantime, customers can prevent potential attacks by enabling multi-factor authentication and changing passwords for accounts that used affected SMA appliances, by blocking access to the appliances on the firewall, by shutting down impacted appliances, or by downgrading the firmware on the device to version 9.x.

Shortly after SonicWall disclosed the breach, some anonymous individuals claimed the company was hit by ransomware and the attackers had stolen source code and customer data, but none of those claims have been confirmed. At least some of the claims seen by SecurityWeek at the time seemed questionable.

Related: Critical Vulnerability Allows Hackers to Disrupt SonicWall Firewalls

Related: Serious Vulnerabilities Expose SonicWall SMA Appliances to Remote Attacks

Related: IoT Botnets Target Apache Struts, SonicWall GMS

Written By

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.

Cybercrime

Zendesk is informing customers about a data breach that started with an SMS phishing campaign targeting the company’s employees.

Cybercrime

The release of OpenAI’s ChatGPT in late 2022 has demonstrated the potential of AI for both good and bad.

CISO Strategy

Cybersecurity-related risk is a top concern, so boards need to know they have the proper oversight in place. Even as first-timers, successful CISOs make...

Cybercrime

The FBI dismantled the network of the prolific Hive ransomware gang and seized infrastructure in Los Angeles that was used for the operation.

Management & Strategy

Industry professionals comment on the recent disruption of the Hive ransomware operation and its hacking by law enforcement.

Malware & Threats

Microsoft plans to improve the protection of Office users by blocking XLL add-ins from the internet.

Cybercrime

A new study by McAfee and the Center for Strategic and International Studies (CSIS) named a staggering figure as the true annual cost of...