[German]SonicWall is currently warning of a 0-day exploit that is being actively exploited to attack SonicWall Secure Mobile Access devices in the SMA 100 series. A patch has been announced by SonicWall for February 2, 2021.
Advertising
On Twitter, NCC Group Research & Technology posted this tweet as of Jan. 31, 2021, with a general warning about the 0-Day exploit for SonicWall SMA 100.
SonicWall has published this security warning on the subject as of February 1, 2021. There, a zero-day vulnerability in the SMA 100 series 10.x code is confirmed. SMA 100 firmware prior to 10.x is not affected by this zero-day vulnerability. Specifically, it states:
On Sunday, January 31, 2021, the NCC Group informed the SonicWall Product Security Incident Response Team (PSIRT) about a potential zero-day vulnerability in the SMA 100 series. Our engineering team confirmed their submission as a critical zero-day in the SMA 100 series 10.x code, and are tracking it as SNWLID-2021-0001.
SonicWall has identified the vulnerable code and is working on a patch to be available by end of day on February 2, 2021. This vulnerability affects both physical and virtual SMA 100 10.x devices (SMA 200, SMA 210, SMA 400, SMA 410, SMA 500v).
Currently, SonicWall developers are working on a patch scheduled for February 2, 2021. For customers who need to operate the SMA 100 devices, the vendor has provided some guidance on how to secure them in the security alert. These include two-factor authentication, resetting user passwords for accounts that have used the SMA 100 series with 10.X firmware. If the SMA 100 series (10.x) is behind a firewall, all access to the SMA 100 should be blocked on the firewall for security. In addition, the manufacturer recommends that the devices be shut down, if possible, until a patch is available.
Similar articles:
Sonicwall NetExtender vulnerability exploited by APT group
Vulnerabilities and Backdoors in Dell's SonicWALL
Advertising
Schwachstelle CVE-2020-5135 in SonicWall-Firewall OS
Advertising