Security hardware manufacturer SonicWall has disclosed that it was a victim of a coordinated attack on its internal systems.
The San Jose-based company issued an urgent security notice about attackers exploiting a zero-day vulnerability in its VPN products to attack its internal systems.
SonicWall is a popular internet security provider of hardware firewall devices, VPN gateways, and network security solutions whose products are commonly used in SMB/SME and large enterprise organizations.
According to the ‘urgent advisory’ issued by the company, the threat actors used a zero-day vulnerability in its Secure Mobile Access (SMA) VPN device and its NetExtender VPN client in a “sophisticated” attack on its internal systems.
SonicWall is currently investigating which devices are affected by this vulnerability.
Secure Mobile Access (SMA) is a physical device that provides VPN access to internal networks and the NetExtender VPN client is a software client used to connect to compatible firewalls that support VPN connections.
The vulnerable devices include:
- Secure Mobile Access (SMA) version 10.x running on SMA 200, SMA 210, SMA 400, SMA 410 physical appliances, and the SMA 500v virtual appliance.
The security company states that customers can protect themselves by enabling multi-factor authentication on affected devices and restricting access to devices based on whitelisted IP addresses.
The company initially mentioned NetExtender VPN client version 10.x (released in 2020) as potentially having a zero-day, but it has been ruled out in an updated advisory.
More detailed information regarding the zero-day vulnerabilities is not known at the moment. Based on the mitigation steps, they appear to be pre-auth vulnerabilities that can be remotely exploited on publicly accessible devices.
Exploiting VPN vulnerabilities is a popular method used by attackers to gain access to and compromise a company’s internal network. After getting access, they spread laterally through the network while stealing files or deploying ransomware.
With a number of cybersecurity firms becoming targets of cyberattacks recently, the latest breach of SonicWall raises significant concerns.