SonicWall Warns Of Actively (attacked) Zero-day Leak

Network Security Guard SonicWall warns of an actively attacked zero-day vulnerability in the SMA 100 series gateway (SMA 200, SMA 210, SMA 400, SMA 410, SMA 500v). A security update is not yet available. The vulnerability affects both physical and virtual SMA appliances with firmware version 10.x. Earlier firmware versions are not vulnerable. Worldwide, thousands of devices would be at risk of attack.

The SMA 100 is a gateway that allows employees to remotely access their organization's networks and cloud environments from any number of devices. SonicWall offers all kinds of solutions for securing networks. At the end of January, the security company announced that the internal systems had become the target of an attack that may have involved one or more zero-day leaks in its own SonicWall products.

The investigation that followed suggested it might be a zero day in the SMA 100, but last week SonicWall announced that the presence of such a vulnerability in the gateway had still not been confirmed. Security company NCC Group reported this weekend via Twitter that it may have discovered the relevant zero-day leak in the SMA 100. Details were then sent to SonicWall.

The network security officer then announces via its own website that there is indeed a zero-day leak in the gateway solution. A security update is expected later today. In the meantime, it is recommended to enable multi-factor authentication and reset users' passwords. Another recommended solution is to downgrade to a previous firmware version.

Previous Post Next Post