National Cyber Warfare Foundation (NCWF) Forums


SonicWall network attacked via zero day in its secure access solution


2021-01-24 05:00:24
milo
Attacks



The post SonicWall network attacked via zero day in its secure access solution appeared first on SC Media.




A screenshot of SonicWall’s home page. Note the link to the incident disclosure at the top of the page.




Cybersecurity firm SonicWall disclosed Friday night that hackers attacked the company’s internal networks by first exploiting a zero-day vulnerability in its very own secure remote access products.





SC Media received an anonymous tip Friday that SonicWall had suffered an attack, but did not get confirmation ahead of the disclosure by the company.





SonicWall, whose product line includes firewalls; network security and access solutions; and email, cloud and endpoint security solutions, acknowledged in a company statement late that evening that an incident took place. “Recently, SonicWall identified a coordinated attack on its internal systems by highly sophisticated threat actors exploiting probable zero-day vulnerabilities on certain SonicWall secure remote access products,” the statement reads.





According to the company, the zero-day vulnerability that the attackers exploited has been found in Secure Mobile Access (SMA) version 10.x running on SMA 200, SMA 210, SMA 400, SMA 410 physical appliances and the SMA 500v virtual appliance. In conjunction with SonicWall’s NetExtender VPN client, the SMB-oriented SMA gateways are “used for providing employees/users with remote access to internal resources,” the statement explains.





In an earlier version of its statement, SonicWall had said its NetExtender VPN client version 10.x (released in 2020) – utilized to connect to SMA 100 series appliances and SonicWall firewalls – was also vulnerable, but the company retracted this statement in an update posted on Saturday evening.





The SMA 100 Series product itself remains under investigation; however, the company says customers may continue to use NetExtender for remote access with the SMA 100 series. “We have determined that this use case is not susceptible to exploitation,” the update says. Still, the company advises SMA 100 series administrators “to create specific access rules or disable Virtual Office and HTTPS administrative access from the internet while we continue to investigate the vulnerability.”





Any SonicWall customer using these solutions is vulnerable to the same zero-day flaws. The company has therefore set up a web page where it is providing mitigation guidelines to channel partners and customers.





Among its recommendations: “use a firewall to allow only SSL-VPN connections to the SMA appliance from known/whitelisted IPs,” or “configure whitelist access on the SMA directly itself.” Also, “disable NetExtender access to the firewall(s) or restrict access to users and admins via an allow-list/whitelist for their public IPs.”





SonicWall has also advised users to enable multi-factor authentication on all SonicWall SMA, firewall and MySonicWall accounts.











Source: sc magazine
Source Link: https://www.scmagazine.com/home/security-news/vulnerabilities/sonicwall-network-attacked-via-zero-days-in-its-vpn-and-secure-access-solutions/





Copyright 2012 through 2021 - National Cyber Warfare Foundation - All rights reserved worldwide.