SonicWall Probes Attack Using Zero-Days in Own Products

Security vendor SonicWall has warned its customers that threat actors may have found zero-day vulnerabilities in some of its remote access products.

An initial post on the vendor’s knowledgebase pages on Friday claimed that the NetExtender VPN client version 10.x and the SMB-focused SMA 100 series were at risk.

However, an update over the weekend clarified that impacted products were confined to its Secure Mobile Access (SMA) version 10.x offering running on SMA 200, SMA 210, SMA 400, SMA 410 physical appliances and the SMA 500v virtual appliance.

These provide customer employees with secure remote access to internal resources — capabilities in high demand during the pandemic. As such, there’s an obvious advantage to attackers in finding bugs to exploit in such tools.

“We believe it is extremely important to be transparent with our customers, our partners and the broader cybersecurity community about the ongoing attacks on global business and government,” SonicWall said in the alert.

“Recently, SonicWall identified a coordinated attack on its internal systems by highly sophisticated threat actors exploiting probable zero-day vulnerabilities on certain SonicWall secure remote access products.”

There’s no more info for now on what the attackers were after and how they performed the intrusion.

However, SonicWall also clarified that its firewall products, SonicWave APs and SMA 1000 Series product line are unaffected.

“Current SMA 100 Series customers may continue to use NetExtender for remote access with the SMA 100 series. We have determined that this use case is not susceptible to exploitation,” it added. “We advise SMA 100 series administrators to create specific acc ..

Support the originator by clicking the read the rest link below.