Security News > 2021 > January > Exclusive: SonicWall Hacked Using 0-Day Bugs In Its Own VPN Product

Exclusive: SonicWall Hacked Using 0-Day Bugs In Its Own VPN Product
2021-01-24 21:31

The San Jose-based company said the attacks leveraged zero-day vulnerabilities in SonicWall secure remote access products such as NetExtender VPN client version 10.x and Secure Mobile Access that are used to provide users with remote access to internal resources.

"Recently, SonicWall identified a coordinated attack on its internal systems by highly sophisticated threat actors exploiting probable zero-day vulnerabilities on certain SonicWall secure remote access products," the company exclusively told The Hacker News.

SonicWall wouldn't confirm the reports beyond the statement, adding it would provide additional updates as more information becomes available.

NetExtender VPN client version 10.x utilized to connect to SMA 100 series appliances and SonicWall firewalls.

With a number of cybersecurity vendors such as FireEye, Microsoft, Crowdstrike, and Malwarebytes becoming targets of cyberattacks in the wake of SolarWinds supply chain hack, the latest breach of SonicWall raises significant concerns.

UPDATE. SonicWall, in an updated advisory on Saturday, said its NetExtender VPN clients are no longer affected by the potential zero-day vulnerabilities that it said were used to carry out a "Coordinated attack" on its internal systems.


News URL

http://feedproxy.google.com/~r/TheHackersNews/~3/6gzDl6VnPMo/exclusive-sonicwall-hacked-using-0-day.html

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Sonicwall 113 0 41 74 38 153