Security hardware manufacturer SonicWall has issued an urgent security notice about threat actors exploiting a zero-day vulnerability in their VPN products to perform attacks on their internal systems.
SonicWall is a well-known manufacturer of hardware firewall devices, VPN gateways, and network security solutions whose products are commonly used in SMB/SME and large enterprise organizations.
On Friday night, SonicWall released an ‘urgent advisory’ stating that hackers used a zero-day vulnerability in their Secure Mobile Access (SMA) VPN device and its NetExtender VPN client in a “sophisticated” attack on their internal systems.
“Recently, SonicWall identified a coordinated attack on its internal systems by highly sophisticated threat actors exploiting probable zero-day vulnerabilities on certain SonicWall secure remote access products,” states SonicWall’s security notice published late Friday night.
SonicWall states that the impacted products are:
- NetExtender VPN client version 10.x (released in 2020) utilized to connect to SMA 100 series appliances and SonicWall firewalls
- Secure Mobile Access (SMA) version 10.x running on SMA 200, SMA 210, SMA 400, SMA 410 physical appliances and the SMA 500v virtual appliance
Secure Mobile Access (SMA) is a physical device that provides VPN access to internal networks, while the NetExtender VPN client is a software client used to connect to compatible firewalls that support VPN connections.
SonicWall states that customers can protect themselves by enabling multi-factor authentication (MFA) on affected devices and restricting access to devices based on whitelisted IP addresses.
FOR SMA 100 SERIES
- Use a firewall to only allow SSL-VPN connections to the SMA appliance from known/whitelisted IPs
- Or configure whitelist access on the SMA directly itself
FOR FIREWALLS WITH SSL-VPN ACCESS VIA NETEXTENDER VPN CLIENT VERSION 10.X
- Disable NetExtender access to the firewall(s) or restrict access to users and admins via an allow-list/whitelist for their public IPs
MFA MUST BE ENABLED ON ALL SONICWALL SMA, FIREWALL & MYSONICWALL ACCOUNTS
SonicWall has not released detailed information about the zero-day vulnerabilities. Based on the mitigation steps,…