SonicWall firewall maker hacked using zero-day in its VPN device



Security hardware manufacturer SonicWall has issued an urgent security notice about threat actors exploiting a zero-day vulnerability in its VPN products to attack the company's internal systems.

SonicWall is a well-known manufacturer of hardware firewall devices, VPN gateways, and network security solutions whose products are commonly used in SMB/SME and large enterprise organizations.

On Friday night, SonicWall released an ‘urgent advisory’ stating that hackers used a zero-day vulnerability in its Secure Mobile Access (SMA) VPN device and its NetExtender VPN client in a “sophisticated” attack on the company's internal systems.

“Recently, SonicWall identified a coordinated attack on its internal systems by highly sophisticated threat actors exploiting probable zero-day vulnerabilities on certain SonicWall secure remote access products,” states SonicWall’s security notice published late Friday night.

SonicWall states that the impacted products are:

  • NetExtender VPN client version 10.x (released in 2020) utilized to connect to SMA 100 series appliances and SonicWall firewalls
  • Secure Mobile Access (SMA) version 10.x running on SMA 200, SMA 210, SMA 400, SMA 410 physical appliances and the SMA 500v virtual appliance

Secure Mobile Access (SMA) is a physical device that provides VPN access to internal networks, while the NetExtender VPN client is a software client used to connect to compatible firewalls that support VPN connections.

SonicWall states that customers can protect themselves by enabling multi-factor authentication (MFA) on affected devices and restricting access to devices based on whitelisted IP addresses.

FOR SMA 100 SERIES

  • Use a firewall to only allow SSL-VPN connections to the SMA appliance from known/whitelisted IPs
  • Or configure whitelist access on the SMA directly itself

FOR FIREWALLS WITH SSL-VPN ACCESS VIA NETEXTENDER VPN CLIENT VERSION 10.X

  • Disable NetExtender access to the firewall(s) or restrict access to users and admins via an allow-list/whitelist for their public IPs

MFA MUST BE ENABLED ON ALL SONICWALL SMA, FIREWALL & MYSONICWALL ACCOUNTS
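One way to check that an IP allow-list like the one recommended above is actually being enforced is to audit accepted SSL-VPN connections against it. The script below is an added example, not code from SonicWall or from this article; the log format, the port (443), the function name and all addresses are assumptions constructed for illustration.

```python
import ipaddress

# Constructed allow-list using documentation ranges; replace with your own known IPs.
ALLOWED_NETS = ["198.51.100.0/24", "203.0.113.7/32", "2001:db8:10::/48"]

# Constructed sample lines in an assumed "timestamp src_ip dst_port action" format.
SAMPLE_LOG = """\
2024-01-01T01:12:09Z 198.51.100.24 443 allow
2024-01-01T01:13:41Z 192.0.2.55 443 allow
2024-01-01T01:14:02Z 203.0.113.7 443 allow
2024-01-01T01:15:30Z 203.0.113.8 443 allow
2024-01-01T01:16:11Z 2001:db8:10::5 443 allow
2024-01-01T01:17:00Z 192.0.2.55 443 deny
2024-01-01T01:18:45Z not-an-ip 443 allow
"""


def audit_vpn_sources(log_text, allowed, vpn_port=443):
    """Return (violations, unparsable).

    violations: (timestamp, source) for accepted connections to vpn_port
    whose source address is outside every allowed network.
    unparsable: raw lines that did not match the assumed format.
    """
    nets = [ipaddress.ip_network(n) for n in allowed]
    violations, unparsable = [], []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        try:
            ts, src, port, action = line.split()
            addr = ipaddress.ip_address(src)
            port = int(port)
        except ValueError:
            # Wrong field count, bad address or bad port: surface it, do not drop it.
            unparsable.append(line)
            continue
        if port != vpn_port or action != "allow":
            continue  # only connections that were actually accepted matter here
        # Compare only within the same IP version (IPv4 vs IPv6).
        if not any(addr.version == n.version and addr in n for n in nets):
            violations.append((ts, str(addr)))
    return violations, unparsable


if __name__ == "__main__":
    bad, junk = audit_vpn_sources(SAMPLE_LOG, ALLOWED_NETS)
    for ts, src in bad:
        print(f"accepted from non-allow-listed source: {src} at {ts}")
    print(f"{len(junk)} unparsable line(s) need manual review")
```

Any violation means the upstream firewall rule or the appliance's own allow-list is not filtering as intended.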

SonicWall has not released detailed information about the zero-day vulnerabilities. Based on the mitigation steps,…
