Security News > 2022 > January > Make sure you're up-to-date with Sonicwall SMA 100 VPN box patches – security hole exploit info is now out
Technical details and exploitation notes have been published for a remote-code-execution vulnerability in Sonicwall SMA 100 series VPN appliances.
This comes about a month after Sonicwall issued a patch for the security hole, which was discovered and privately disclosed by Rapid7's Jake Baines to Sonicwall in October.
This vuln affects Sonicwall SMA 100-series devices; check with Sonicwall on which firmware versions to upgrade to.
In additional, Baines found and privately disclosed four other Sonicwall SMA 100-series bugs, and again described them in detail today.
While Sonicwall insisted there is "No evidence" of exploitation attempts targeting these devices, now that patches and exploit info is out there, it may just be a matter of time before someone starts breaking into these appliances using all of this knowledge.
Last July, Sonicwall issued an emergency alert telling users of the SMA 200 and 400 to update their firmware immediately, following warnings from Mandiant of live exploit attempts.
News URL
https://go.theregister.com/feed/www.theregister.com/2022/01/11/sonicwall_multiple_vulns/
Related news
- TunnelBear VPN Review 2024: Pricing, Ease of Use & Security (source)
- Chinese hackers exploit Fortinet VPN zero-day to steal credentials (source)
- Helldown ransomware exploits Zyxel VPN flaw to breach networks (source)
- China-linked group abuses Fortinet 0-day with post-exploit VPN-credential stealer (source)
- Hackers exploit critical bug in Array Networks SSL VPN products (source)
- NachoVPN Tool Exploits Flaws in Popular VPN Clients for System Compromise (source)
- Hackers Exploit Webview2 to Deploy CoinLurker Malware and Evade Security Detection (source)
- Over 25,000 SonicWall VPN Firewalls exposed to critical flaws (source)
- Critical security hole in Apache Struts under exploit (source)