After US manufacturer of servers and network devices, SonicWall, identified an attack on its internal systems on January 22, NCC Group researchers identified a serious zero day vulnerability on their Secure Mobile Access (SMA) 100 series devices, both physical and virtual. The company confirmed the threat and alerted its customers and users this Monday (01) in a statement on its official website.
According to the company, the flaw was identified on Sunday (01/31) by researchers from the NCC Group, a British information technology and security consultant. The company is calling the failure SNWLID-2021-0001 and informs that is already working on a patch, which should be available today, February 2nd.
“The NCC Group informed the SonicWall product security incident response team (PSIRT) about a potential zero-day vulnerability in the SMA 100 series. Our engineering team confirmed your shipment as a critical zero day in the SMA 100 series 10.x code, and is tracking it as SNWLID-2021-0001. SonicWall […] is working on a patch that will be available at the end of February 2, 2021. This vulnerability affects both physical and virtual SMA 100 10.x devices (SMA 200, SMA 210, SMA 400, SMA 410, SMA 500v)”, Writes the company in the statement.
Attack on SonicWall
On January 22, the SonicWall reported that it identified an attack on its internal systems, organized by “highly sophisticated” agents, probably a consequence of a zero day vulnerability exploited in SMA 100 series remote access devices, manufactured by the company.
In the statement, the company asks its customers and users to verify their security settings, especially multi-factor authentication (MFA) and to review restrictions on access to IP addresses.
“SonicWall has identified a coordinated attack on its internal systems by highly sophisticated threat agents that exploit likely zero-day vulnerabilities in certain SonicWall secure remote access products. The impacted products are: NetExtender VPN 10.x (launched in 2020) used to connect to SMA 100 series devices and SonicWall firewalls and Secure Mobile Access (SMA) 10.x running on physical devices SMA 200, SMA 210, SMA 400, SMA 410 and SMA 500v virtual appliance ”, writes the company.
THE vulnerability that affected being VPN service, However, was dropped by the company last Monday (01/25). “Although we previously reported NetExtender 10.X as a potential zero day, this has now been discarded. Customer use is safe […] No action is needed from customers or partners. ”
The vulnerability affecting SMA 100 devices has been confirmed. The company, nor the NCC Group consultancy, revealed details about the vulnerability to prevent it from being exploited by cyber criminals. More information about it should be published after the launch of the update, scheduled for today (02).
See the original post at: https://thehack.com.br/sonicwall-confirma-vulnerabilidade-zero-day-em-seus-dispositivos-de-acesso-remoto-sma-100/?rand=48873
