SonicWall released an urgent notice to its clients to patch a serious zero-day vulnerability.
VPN Zero-Day Vulnerability:
The internet security device maker, which makes firewall and VPN products, said on Friday that it is investigating a coordinated attack on its internal systems.
In its post, the company wrote: “SonicWall identified a coordinated attack on its internal systems by highly sophisticated threat actors exploiting probable zero-day vulnerabilities.”
According to the post, the attackers did so by “exploiting probable zero-day vulnerabilities on certain SonicWall secure remote access products.”
The affected products include:
- NetExtender VPN client version 10.x (released in 2020) utilized to connect to SMA 100 series appliances and SonicWall firewalls
- Secure Mobile Access (SMA) version 10.x running on SMA 200, SMA 210, SMA 400, SMA 410 physical appliances, and the SMA 500v virtual appliance
The newer SMA 1000 series is not impacted; it uses a different VPN client than NetExtender.
To help keep its customers’ networks safe, SonicWall provided a list of mitigations in an article:
- enable multi-factor authentication
- disable NetExtender access to the firewall
- restrict access to users and admins for public IP addresses
- configure whitelist access on the SMA directly