
Hackers Exploiting Critical Zero-Day Bug in SonicWall SMA 100 Devices


SonicWall on Monday warned of active exploitation attempts against a zero-day vulnerability in its Secure Mobile Access (SMA) 100 series devices.


The flaw, which affects both physical and virtual SMA 100 10.x devices (SMA 200, SMA 210, SMA 400, SMA 410, SMA 500v), came to light after NCC Group on Sunday alerted the company that it had detected “indiscriminate use of an exploit in the wild.”


Details of the exploit have not been disclosed to prevent the zero-day from being misused further, but a patch is expected to be available by the end of day on February 2, 2021.



“A few thousand devices are impacted,” SonicWall said in a statement, adding, “SMA 100 firmware prior to 10.x is unaffected by this zero-day vulnerability.”


On January 22, The Hacker News exclusively revealed that SonicWall had been breached as a consequence of a coordinated attack on its internal systems by exploiting “probable zero-day vulnerabilities” in its SMA 100 series remote access devices.


Then last week, on January 29, the San Jose-based company issued an update stating it had so far only observed the use of previously stolen credentials to log into the SMA 100 series appliances.


While SonicWall has not shared many details about the intrusion, citing an ongoing investigation, the latest development points to evidence that a critical zero-day in the SMA 100 series 10.x code may have been exploited to carry out the attack.


SonicWall is internally tracking the vulnerability as SNWLID-2021-0001.


The company said SonicWall firewalls and SMA 1000 series appliances, as well as all respective VPN clients, are unaffected and that they remain safe to use.


In the interim, the company recommends customers enable multi-factor authentication (MFA) and reset user passwords for accounts that utilize the SMA 100 series with 10.x firmware.


“If the SMA 100 series (10.x) is behind a firewall, block all access to the SMA 100 on the firewall,” the company said. Users also have the option of shutting down the vulnerable SMA 100 series devices until a patch is available, or loading firmware version 9.x after a factory default settings reboot.


Update: Patches Released


SonicWall has formally released a patch to address a zero-day vulnerability in SMA 100 series 10.x code.


“All SonicWall customers with active SMA 100 series devices running 10.x code should immediately apply the patch on physical and virtual appliances,” the company said in a statement. “The patch also contains additional code to strengthen the device.”


While the company has not shared more details on the vulnerability, NCC Group’s Rich Warren hinted that it might have something to do with an authentication bypass.

Reviewed by TechCO on 2/06/2021
