Security News > 2021 > January > SonicWall firewall maker attacked using zero-day in its VPN device
SonicWall is a well-known manufacturer of hardware firewall devices, VPN gateways, and network security solutions whose products are commonly used in SMB/SME and large enterprise organizations.
On Friday night, SonicWall released an 'urgent advisory' stating that hackers used a zero-day vulnerability in their Secure Mobile Access VPN device and its NetExtender VPN client in a "Sophisticated" attack on their internal systems.
"Recently, SonicWall identified a coordinated attack on its internal systems by highly sophisticated threat actors exploiting probable zero-day vulnerabilities on certain SonicWall secure remote access products," states SonicWall's security notice published late Friday night.
SonicWall Firewalls: All generations of SonicWall firewalls are not affected by the vulnerability impacting the SMA 100 series.
We have determined that this use case is not susceptible to exploitation.... Secure Mobile Access is a physical device that provides VPN access to internal networks, while the NetExtender VPN client is a software client used to connect to compatible firewalls that support VPN connections.
MFA MUST BE ENABLED ON ALL SONICWALL SMA, FIREWALL & MYSONICWALL ACCOUNTS. In addition to implementing 2FA, SMA 100 series administrators may also consider the following to further secure access to these devices: Enable Geo-IP/botnet filtering and create a policy blocking web traffic from countries that do not need to access your applications.
News URL
Related news
- Fog ransomware targets SonicWall VPNs to breach corporate networks (source)
- Mystery Palo Alto Networks hijack-my-firewall zero-day now officially under exploit (source)
- Attackers are exploiting 2 zero-days in Palo Alto Networks firewalls (CVE-2024-0012, CVE-2024-9474) (source)
- Palo Alto Networks patches two firewall zero-days used in attacks (source)
- Chinese hackers exploit Fortinet VPN zero-day to steal credentials (source)
- Palo Alto Networks tackles firewall-busting zero-days with critical patches (source)