Security News > 2021 > July > SonicWall Warns Secure VPN Hardware Bugs Under Attack

Security vendor SonicWall is warning customers to patch its enterprise secure VPN hardware to thwart an "Imminent ransomware campaign using stolen credentials" that's exploiting security holes in current models and those running legacy firmware.

In a Thursday security notice, the company reported that researchers at Mandiant identified "Threat actors actively targeting" three SMA 100 models and nine older SRA-series secure VPN products no longer supported by SonicWall.

Researchers there asserted that Thursday's SonicWall security notice is part of an ongoing exploitation of a vulnerability, which they disclosed last month.

"CrowdStrike Services incident-response teams identified eCrime actors leveraging an older SonicWall VPN vulnerability, CVE-2019-7481, that affects Secure Remote Access 4600 devices; the ability to leverage the vulnerability to affect SRA devices was previously undisclosed by SonicWall," it wrote.

"If your organization is using a legacy SRA appliance that is past end-of life status and cannot update to 9.x firmware, continued use may result in ransomware exploitation," SonicWall said.

"Even though the footprint of impacted or unpatched devices is relatively small, SonicWall continues to strongly advise organizations to patch supported devices or decommission security appliances that are no longer supported, especially as it receives updated intelligence about emerging threats. The continued use of unpatched firmware or end-of-life devices, regardless of vendor, is an active security risk."

News URL

https://threatpost.com/sonicwall-vpn-bugs-attack/167824/