Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Cybercrime

SonicWall Says ‘a Few Thousand Devices’ Impacted by Zero-Day Vulnerability

SonicWall on Monday confirmed that its Secure Mobile Access (SMA) 100 series appliances are affected by a zero-day vulnerability that has apparently already been exploited in attacks.

SonicWall on Monday confirmed that its Secure Mobile Access (SMA) 100 series appliances are affected by a zero-day vulnerability that has apparently already been exploited in attacks.

SonicWall told SecurityWeek that a few thousand devices are exposed to attacks due to the zero-day vulnerability. The cybersecurity solutions provider says it’s working on developing patches and, in the meantime, it has shared some recommendations on how customers can protect their networks against potential attacks.

The company revealed on January 22 that it had identified a “coordinated attack on its internal systems” that was apparently launched by a highly sophisticated threat group that may have exploited zero-day vulnerabilities in some of the company’s secure remote access products.

SonicWall initially said its NetExtender VPN client and SMA 100 series products may be impacted, but it later determined that the NetExtender VPN client, SonicWall firewalls, SMA 1000 series devices, and SonicWave APs are not affected.

Only SMA 100 series devices remained under investigation, but an update shared on January 29 said the company could still not confirm the existence of a zero-day vulnerability affecting these products.

On Sunday, January 31, however, cybersecurity firm NCC Group reported discovering a possible candidate for the vulnerability, for which the company had seen “indiscriminate” attempts to exploit in the wild.

Following NCC’s report, SonicWall on Monday confirmed the existence of a zero-day flaw affecting SMA 100 series 10.x physical and virtual devices, specifically SMA 200, SMA 210, SMA 400, SMA 410 and SMA 500v. The vendor said firewalls, 1000 series appliances and VPN clients do not appear to be affected, and neither are SMA 100 series devices running a firmware version prior to 10.x. A CVE identifier has yet to be assigned for this vulnerability.

SonicWall hopes to release a patch by the end of the day on February 2. In the meantime, customers can prevent potential attacks by enabling multi-factor authentication and changing passwords for accounts that used affected SMA appliances, by blocking access to the appliances on the firewall, by shutting down impacted appliances, or by downgrading the firmware on the device to version 9.x.

Advertisement. Scroll to continue reading.

Shortly after SonicWall disclosed the breach, some anonymous individuals claimed the company was hit by ransomware and the attackers had stolen source code and customer data, but none of those claims have been confirmed. At least some of the claims seen by SecurityWeek at the time seemed questionable.

Related: Critical Vulnerability Allows Hackers to Disrupt SonicWall Firewalls

Related: Serious Vulnerabilities Expose SonicWall SMA Appliances to Remote Attacks

Related: IoT Botnets Target Apache Struts, SonicWall GMS

Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Discover strategies for vendor selection, integration to minimize redundancies, and maximizing ROI from your cybersecurity investments. Gain actionable insights to ensure your stack is ready for tomorrow’s challenges.

Register

Dive into critical topics such as incident response, threat intelligence, and attack surface management. Learn how to align cyber resilience plans with business objectives to reduce potential impacts and secure your organization in an ever-evolving threat landscape.

Register

People on the Move

Cyber exposure management firm Armis has promoted Alex Mosher to President.

Software giant Atlassian has named David Cross as its new CISO.

Dan Pagel has been named the new CEO of risk management and remediation firm Brinqa.

More People On The Move

Expert Insights

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest cybersecurity news, threats, and expert insights. Unsubscribe at any time.