Cyber Hacking News

Security firm SonicWall hacked using zero-day in its VPN device

0

Security hardware manufacturer SonicWall has disclosed that it was a victim of a coordinated attack on its internal systems.

The San Jose based company issued an urgent security notice about attackers exploiting a zero-day vulnerability in their VPN products to attack its internal systems.

SonicWall is a popular internet security provider of hardware firewall devices, VPN gateways, and network security solutions whose products are commonly used in SMB/SME and large enterprise organizations.

According to the ‘urgent advisory’ issued by the company, the threat actors used a zero-day vulnerability in their Secure Mobile Access (SMA) VPN device and its NetExtender VPN client in a “sophisticated” attack on their internal systems.

SonicWall is currently investigating about the devices that are affected by this vulnerability.

Secure Mobile Access (SMA) is a physical device that provides VPN access to internal networks and the NetExtender VPN client is a software client used to connect to compatible firewalls that support VPN connections.

The vulnerable devices include:

  • Secure Mobile Access (SMA) version 10.x running on SMA 200, SMA 210, SMA 400, SMA 410 physical appliances, and the SMA 500v virtual appliance.

The security company states that the customers can protect themselves by enabling multi-factor authentication on affected devices and restricting access to devices based on whitelisted IP addresses.

Initially they mentioned NetExtender VPN client version 10.x (released in 2020) as potentially having a zero -day, but they have been ruled out in an updated advisory.

More detailed information regarding the zero-day vulnerabilities is not known at the moment. Based on the mitigation steps, they appear to be pre-auth vulnerabilities that can be remotely exploited on publicly accessible devices.

VPN vulnerabilities is a popular method used by attackers to gain access to and compromise a company’s internal network. After getting access, they spread laterally through the network while stealing files or deploying ransomware.

With a number of cybersecurity firms becoming targets of cyberattacks recently, the latest breach of SonicWall raises significant concerns.

Priyanka R
Cyber Security Enthusiast, Security Blogger, Technical Editor, Author at Cyber Safe News

    77 million Nitro PDF user records leaked by hackers

    Previous article

    Hacker leaks data of 2.28M dating site users

    Next article

    You may also like

    Comments

    Leave a reply

    Your email address will not be published. Required fields are marked *