This attack targets SonicWall's SMA series access management gateway and is another attack against security vendors.
SonicWall, a firewall and network security appliance maker urged customers to take precautions after their systems were attacked through unknown vulnerabilities in some products. On January 22, SonicWall said through its website, "Recently, an attack by a high-level security threat actor who exploited the zero-day vulnerability in certain SonicWall security remote access products was confirmed."
SonicWall suspected that some of its Secure Mobile Access (SMA) physical and virtual appliances, NetExtender VPN clients, and SonicWall firewalls were vulnerable. However, after further investigation, the list of vulnerable products was revised.
SonicWall said that no SonicWall firewall was affected and that the NetExtender VPN client, SonicWall SonicWave AP, or the SMA 1000 series were not affected. The only vulnerable products are the SMA 100 series appliances, including the SMA 200, SMA 210, SMA 400 and SMA 500v (virtual).
The SMA 100 series appliance is an access management gateway for small and medium businesses that can provide remote employees with browser-based and VPN-based access to on-premises resources or hybrid resources hosted in the cloud. It can be combined with the NetExtender VPN client.
SonicWall said, “Currently, SMA 100 series customers can continue to use NetExtender for remote access through the product. "We have confirmed that this use case is not vulnerable to abuse."
SMA 100 Series Customers Called Out
However, users of SMA 100 series appliances running software version 10.x are advised to disable Internet access to the Virtual Office and HTTPs management interfaces while investigating the vulnerability. Otherwise, the customer should at least enforce IP-based access rules. This can be done using a firewall according to the company's instructions or by the SMA itself.
Another recommendation is to enable multi-factor authentication for all SMA, SonicWall firewalls, or MySonicWall accounts. SMA supports Time-based One Time Passwords (TOTP) generated by mobile apps such as Google Authenticator. In addition to Lightweight Directory Access Protocol (LDAP) authentication for SSL VPN connections on the SonicWall appliance, TOTP can be set up to work.
0 Comments