SonicWall Probes Attack Using Zero-Days in Its Own Products




Security provider SonicWall has warned its customers that threat actors may have found zero-day vulnerabilities in some of its remote access products.

A first post on the vendor’s knowledge base pages on Friday claimed that version 10.x of the NetExtender VPN client and the SMB-focused SMA 100 series were at risk.

However, a weekend update clarified that the affected products were confined to its Secure Mobile Access (SMA) version 10.x offering running on the SMA 200, SMA 210, SMA 400 and SMA 410 physical appliances and the SMA 500v virtual appliance.

These provide customer employees with secure remote access to internal resources – capabilities in high demand during the pandemic. As such, attackers have a clear incentive to find exploitable bugs in such tools.

“We believe it is extremely important to be transparent with our customers, partners and the broader cybersecurity community about the ongoing attacks against businesses and global governments,” SonicWall said in the alert.

“Recently, SonicWall identified a coordinated attack on its internal systems by highly sophisticated actors exploiting probable zero-day vulnerabilities on certain SonicWall secure remote access products.”

There is no more information at this time on what the attackers were looking for and how they carried out the intrusion.

However, SonicWall also clarified that its firewall products, SonicWave access points, and SMA 1000 Series product line are not affected.

“Current SMA 100 series customers can continue to use NetExtender for remote access with the SMA 100 series. We have determined that this use case is not likely to be exploited,” it added. “We advise SMA 100 Series administrators to create specific access rules or disable administrative access to the virtual desktop and HTTPS from the Internet while we continue to investigate the vulnerability.”

Since the start of the COVID-19 crisis, security and infrastructure providers have come under increasing scrutiny as attackers search for flaws in products that could provide them with large-scale access to customer environments.

In April, it emerged that sophisticated ransomware groups were exploiting loopholes in VPN products to attack hospitals, while in October, the United States warned that APT groups were chaining VPN exploits with the Zerologon flaw to target public and private sector organizations.

Products from Fortinet (CVE-2018-13379), MobileIron (CVE-2020-15505), Juniper (CVE-2020-1631), Pulse Secure (CVE-2019-11510), Citrix NetScaler (CVE-2019-19781) and Palo Alto Networks (CVE-2020-2021) have all been identified as at risk.
