SonicWall, a security hardware manufacturer, has recently issued an urgent security notice regarding threat actors possibly exploiting a zero-day vulnerability on some of their VPN products to conduct cyber-attack exploits to their network and infrastructure systems.
Catering to SME and large enterprise organizations and companies, SonicWall is a well-known hardware firewall system device manufacturer which is commonly used today.
Last Friday, January 22, 2021, they issued an urgent importance security advisory regarding hackers that exploited the zero-day vulnerability of Secure Mobile Access (SMA) VPN device and NetExtender VPN client cyberattack to their internal systems. Cyberattack to their internal systems.
SonicWall’s analysis of the attack revealed a coordinated cyberattack by exploiting a most likely zero-day vulnerability on some of their secure remote access products conducted by highly sophisticated threat actors.
The devices affected by this newly discovered vulnerability are still being identified, below is the investigation’s status.
Affected devices are:
- NetExtender VPN client ver 10.x (released in 2020) to connect to SMA 100 series and SonicWall firewalls
- Secure Mobile Access (SMA) ver 10.x on SMA 200, 210, 400, 410 physical appliances and the SMA 500v virtual appliance
Unaffected devices:
- SonicWall Firewalls: all generations are not affected by the zero-day vulnerability impacting SMA 100 series. There is no action required by customers and partners.
- NetExtender VPN Client: While previously communicated NetExtender 10.X as potentially having a zero-day, that is now dismissed. Now it is usable with all Sonicwall products
- SMA 1000 Series: product line unaffected by the incident.
- SonicWall SonicWave APs
Still under investigation:
- SMA 100 Series: product remains under investigation for vulnerability
- Customers can continue to use NetExtender for remote access with SMA 100 series products.
- SMA 100 series administrators are advised to implement specific access rules or disable Virtual Office and HTTPS admin access from the Internet as they continue to investigate the vulnerability.
Secure Mobile Access or SMA is a physical VPN device that provides secure access to internal networks. The NetExtender is the VPN client software that remote users use to connect to compatible SonicWall products that support the VPN connections.
The good news is that SonicWall communicated that customers will be able to protect themselves via enabling MFA (multi-factor authentication) and restricting the access using whitelisted address to the VPN device if ever they are affected by the possible vulnerability.
They have not yet released a piece of detailed information regarding the vulnerabilities. Based on the provided mitigation procedures, it appears to be a pre-authentication vulnerability that can be exploited on remote publicly accessible devices.
