SonicWall investigates SMA 100 Series appliances for zero-day vulnerabilities after attack

SonicWall has identified a coordinated attack on its internal systems by 'highly sophisticated threat actors'

Firewall and networking device manufacturer SonicWall is urging customers to take preventive measures after finding that its systems were targeted using a zero-day vulnerability affecting some of its products.

In a statement published on its website last week, the company revealed that it had identified "a coordinated attack on its internal systems by highly sophisticated threat actors exploiting probable zero-day vulnerabilities on certain SonicWall secure remote access products".

The company said that the products impacted by the zero-day include NetExtender VPN client version 10.x (released in 2020) and Secure Mobile Access (SMA) version 10.x running on SMA 200, SMA 210, SMA 400, SMA 410 physical appliances and the SMA 500v virtual appliance.

"We believe it is extremely important to be transparent with our customers, our partners and the broader cybersecurity community about the ongoing attacks on global business and government," the firm stated.

On Monday, SonicWall provided an update on the security incident, stating that it was investigating only SMA 100 Series (SMA 200, SMA 210, SMA 400, SMA 410, SMA 500v) remote access appliances for vulnerabilities.

An investigation by the firm revealed that no generation of SonicWall firewalls is affected by the vulnerability and that all are completely safe to use. Similarly, the NetExtender 10.x client can be safely used with all SonicWall products.

SonicWall said no vulnerability was found in SonicWave Access Points or the SMA 1000 series, and customers can safely use these products.

"SonicWall fully understands the urgency for information and guidance, which we're committed to providing as we verify and confirm details," it said.

It is not yet clear whether the SonicWall hack is linked to the recent SolarWinds cyber attacks against US federal agencies and private firms by alleged Russian hackers.

SonicWall is yet to release patches for the zero-day vulnerabilities affecting some of its products. In the meantime, the company has listed a series of mitigation strategies that customers can use to protect their systems from cyber attacks by sophisticated hacking groups.

These include deploying a firewall to restrict who can interact with SMA devices, and enabling multi-factor authentication on impacted devices.

It is also advising admins to enable Geo-IP/botnet filtering and create a policy to block web traffic from countries that do not need access to applications.

Other safeguards include enabling and configuring End Point Control (EPC) to verify the identity of a device before establishing a connection, and enabling scheduled logins/logoffs to restrict access to the portal.