25 January 2021

SonicWall hacked via zero day flaw in its own remote access solutions


SonicWall, a provider of network, access, email, cloud, and endpoint security solutions, said it has suffered a “coordinated” attack on its internal systems conducted by “highly sophisticated threat actors”, in which the attackers exploited “probable” zero day vulnerabilities in the company’s remote access tools.

SonicWall did not share any additional information about the hack or details of the zero day. In its initial advisory, the company listed two products as impacted by the vulnerabilities: its NetExtender VPN client version 10.x (released in 2020), used to connect to SMA 100 series appliances and SonicWall firewalls, and Secure Mobile Access (SMA) version 10.x running on SMA 200, SMA 210, SMA 400, SMA 410 physical appliances and the SMA 500v virtual appliance. In a subsequent update, however, SonicWall said that its NetExtender VPN Client is not affected by the zero day flaw.

SonicWall is currently investigating which devices are affected by the vulnerability. So far, the company has determined that the following solutions are not affected:

  • SonicWall Firewalls: All generations of SonicWall firewalls are not affected by the vulnerability impacting the SMA 100 series (SMA 200, SMA 210, SMA 400, SMA 410, SMA 500v). No action is required from customers or partners.

  • NetExtender VPN Client: While we previously communicated NetExtender 10.X as potentially having a zero-day, that has now been ruled out. It may be used with all SonicWall products. No action is required from customers or partners.

  • SMA 1000 Series: This product line is not affected by this incident. Customers are safe to use SMA 1000 series and their associated clients. No action is required from customers or partners.

  • SonicWall SonicWave APs: No action is required from customers or partners.

The SMA 100 Series is still under investigation; however, the security firm provided the following guidance on deployment use cases:

  • Current SMA 100 Series customers may continue to use NetExtender for remote access with the SMA 100 series. We have determined that this use case is not susceptible to exploitation.

  • We advise SMA 100 series administrators to create specific access rules or disable Virtual Office and HTTPS administrative access from the Internet while we continue to investigate the vulnerability.

The company said it will publish additional updates as more information becomes available.

