Connect with us

Hi, what are you looking for?



SonicWall Says ‘a Few Thousand Devices’ Impacted by Zero-Day Vulnerability

SonicWall on Monday confirmed that its Secure Mobile Access (SMA) 100 series appliances are affected by a zero-day vulnerability that has apparently already been exploited in attacks.

SonicWall on Monday confirmed that its Secure Mobile Access (SMA) 100 series appliances are affected by a zero-day vulnerability that has apparently already been exploited in attacks.

SonicWall told SecurityWeek that a few thousand devices are exposed to attacks due to the zero-day vulnerability. The cybersecurity solutions provider says it’s working on developing patches and, in the meantime, it has shared some recommendations on how customers can protect their networks against potential attacks.

The company revealed on January 22 that it had identified a “coordinated attack on its internal systems” that was apparently launched by a highly sophisticated threat group that may have exploited zero-day vulnerabilities in some of the company’s secure remote access products.

SonicWall initially said its NetExtender VPN client and SMA 100 series products may be impacted, but it later determined that the NetExtender VPN client, SonicWall firewalls, SMA 1000 series devices, and SonicWave APs are not affected.

Only SMA 100 series devices remained under investigation, but an update shared on January 29 said the company could still not confirm the existence of a zero-day vulnerability affecting these products.

On Sunday, January 31, however, cybersecurity firm NCC Group reported discovering a possible candidate for the vulnerability, for which the company had seen “indiscriminate” attempts to exploit in the wild.

Following NCC’s report, SonicWall on Monday confirmed the existence of a zero-day flaw affecting SMA 100 series 10.x physical and virtual devices, specifically SMA 200, SMA 210, SMA 400, SMA 410 and SMA 500v. The vendor said firewalls, 1000 series appliances and VPN clients do not appear to be affected, and neither are SMA 100 series devices running a firmware version prior to 10.x. A CVE identifier has yet to be assigned for this vulnerability.

SonicWall hopes to release a patch by the end of the day on February 2. In the meantime, customers can prevent potential attacks by enabling multi-factor authentication and changing passwords for accounts that used affected SMA appliances, by blocking access to the appliances on the firewall, by shutting down impacted appliances, or by downgrading the firmware on the device to version 9.x.

Advertisement. Scroll to continue reading.

Shortly after SonicWall disclosed the breach, some anonymous individuals claimed the company was hit by ransomware and the attackers had stolen source code and customer data, but none of those claims have been confirmed. At least some of the claims seen by SecurityWeek at the time seemed questionable.

Related: Critical Vulnerability Allows Hackers to Disrupt SonicWall Firewalls

Related: Serious Vulnerabilities Expose SonicWall SMA Appliances to Remote Attacks

Related: IoT Botnets Target Apache Struts, SonicWall GMS

Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment


Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Gain valuable insights from industry professionals who will help guide you through the intricacies of industrial cybersecurity.


Join us for an in depth exploration of the critical nature of software and vendor supply chain security issues with a focus on understanding how attacks against identity infrastructure come with major cascading effects.


Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.


Less than a week after announcing that it would suspended service indefinitely due to a conflict with an (at the time) unnamed security researcher...


The changing nature of what we still generally call ransomware will continue through 2023, driven by three primary conditions.


As it evolves, web3 will contain and increase all the security issues of web2 – and perhaps add a few more.

CISO Strategy

SecurityWeek spoke with more than 300 cybersecurity experts to see what is bubbling beneath the surface, and examine how those evolving threats will present...


A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...


Luxury retailer Neiman Marcus Group informed some customers last week that their online accounts had been breached by hackers.

CISO Conversations

Joanna Burkey, CISO at HP, and Kevin Cross, CISO at Dell, discuss how the role of a CISO is different for a multinational corporation...