SonicWall investigates SMA 100 Series appliances for zero-day vulnerabilities after attack
SonicWall has identified a coordinated attack on its internal systems by highly sophisticated threat actors
SonicWall is investigating SMA 100 Series for zero-day vulnerabilities
To continue reading.
Don t have an account?
Computing helps IT leaders to make technology a revenue and innovation engine for their businesses. Our unique package of news and analysis enables you to discover what the smartest minds in the industry are doing and scan the horizon for what’s next
REAL-TIME NEWS AND ANALYSIS: find out what’s happening and why in the technology space including news on your competitors and regulators – delivered to your desktop or mobile in a daily newsletter
In a statement published Jan. 22, SonicWall officials wrote they detected an attack by highly sophisticated threat actors exploiting probably zero-day vulnerabilities on certain SonicWall secure remote access products.
As of Jan. 23, the company has confirmed its SonicWall Firewalls, NetExtender VPN Client, Secure Mobile Access (SMA) 1000 Series, and SonicWave Access Points were not affected in the recent attack. The SMA 100 Series, used to provide employees with remote access to internal resources, is under investigation but may be used safely in common deployment use cases.
Current SMA 100 series users may continue to use NetExtender for remote access, a use case the company has determined is not susceptible to exploitation. Admins for the SMA 100 series are advised to create specific access rules while investigation of the vulnerability is underway. SonicWall suggests using a firewall to allow only SSL-VPN connections to the SMA from known IP addresses, or to configure w
UPDATE
SonicWall said a zero-day in its SMA 100 series 10.x code was targeted by “highly-sophisticated” attackers.
The security company initially said it is currently investigating its Secure Mobile Access (SMA) 100 series hardware for potential vulnerabilities linked to a reported cyberattack. SMA 100 is a gateway for small- and medium-sized businesses that lets authorized users access resources remotely. SMA 100 also gives system administrators visibility into remote devices that are connecting to the corporate network – and grants endpoints access based on corporate policies.
“On Sunday, January 31, 2021, the NCC Group alerted the SonicWall Product Security Incident Response Team (PSIRT) about a potential zero-day vulnerability in the SMA 100 series. Our engineering team confirmed their submission as a critical zero-day in the SMA 100 series 10.x code,” said SonicWall in an updated statement.