Security News > 2021 > July > SonicWall Warns Firewall Hardware Bugs Under Attack
Security vendor SonicWall is warning customers to patch its enterprise secure VPN hardware to thwart an "Imminent ransomware campaign using stolen credentials" that's exploiting security holes in current models and those running legacy firmware.
In a Thursday security notice, the company reported that researchers at Mandiant identified "Threat actors actively targeting" three SMA 100 models and nine older SRA-series secure VPN products no longer supported by SonicWall.
Researchers there asserted that Thursday's SonicWall security notice is part of an ongoing exploitation of a vulnerability, which they disclosed last month.
"CrowdStrike Services incident-response teams identified eCrime actors leveraging an older SonicWall VPN vulnerability, CVE-2019-7481, that affects Secure Remote Access 4600 devices; the ability to leverage the vulnerability to affect SRA devices was previously undisclosed by SonicWall," it wrote.
"If your organization is using a legacy SRA appliance that is past end-of life status and cannot update to 9.x firmware, continued use may result in ransomware exploitation," SonicWall said.
"Even though the footprint of impacted or unpatched devices is relatively small, SonicWall continues to strongly advise organizations to patch supported devices or decommission security appliances that are no longer supported, especially as it receives updated intelligence about emerging threats. The continued use of unpatched firmware or end-of-life devices, regardless of vendor, is an active security risk."
News URL
https://threatpost.com/sonicwall-firewall-bugs-attack/167824/
Related news
- Palo Alto Networks firewalls, Expedition under attack (CVE-2024-9463, CVE-2024-9465) (source)
- Palo Alto Networks patches two firewall zero-days used in attacks (source)
- US sanctions Chinese firm for hacking firewalls in ransomware attacks (source)
- US sanctions Chinese cybersecurity company for firewall compromise, ransomware attacks (source)
- US names Chinese national it alleges was behind 2020 attack on Sophos firewalls (source)
- Over 25,000 SonicWall VPN Firewalls exposed to critical flaws (source)
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2019-12-17 | CVE-2019-7481 | SQL Injection vulnerability in Sonicwall SMA 100 Firmware 9.0.0.0/9.0.0.3 Vulnerability in SonicWall SMA100 allow unauthenticated user to gain read-only access to unauthorized resources. | 7.5 |