SonicWall SMA Vulnerability Confirmed: 100 Devices Are Actively Being Exploited

NCC Group, a cybersecurity firm has just recently reported that a SonicWall SMA zero-day vulnerability is actively being attacked. It was only last January 22 that SonicWall disclosed to the public an exploitation in their internal systems. However, it was still unsure whether a zero-day vulnerability was present in some networking services. Now, another exploitation has happened, and SonicWall has confirmed a zero-day vulnerability.

SonicWall Confirms SMA 100 Devices Are Actively Being Exploited, Warns Users
Photo by Kevin Horvat on Unsplash

As reported by Bleeping Computer, confirmation of zero-day attack followed after investigation. As of the moment, they are still digging deeper into the cause of the attack. Although they have not provided much information, they stated that their SMA 100 series line of remote access appliances are highly likely to be affected. The following are SMA 200, SMA 210, SMA 400, SMA 410, and SMA 500v.

SonicWall Confirms NCC Group's Findings

In the tweet released by NCC group, they have updated users in a timely manner that the SMA 100 series are affected once again. In an interview with NCC group via Bleeping Computer, the firm said, "Our team has observed signs of attempted exploitation of a vulnerability that affects the SonicWall SMA 100 series devices. We are working closely with SonicWall to investigate this in more depth."

According to ZDNet, at this point, it seems that the SonicWall SMA is being actively exploited in numerous instances and thus needs further investigation to prevent it from happening again. It is not clear yet if the recent attack has the same level of vulnerability as the attack that was disclosed by SonicWall on their official website, but NCC group believes it could pose a similar threat.

NCC group is keen on not disclosing any details that may be used by attackers or that may cause unnecessary panic.However, they have advised administrators to be on the lookout for unusual IP addresses that try to hack the access logs of the management interface in Sonicwall. Moreover, Richard Warren who is a principal security consultant from NCC Group said that by trying to mitigate the situation, attackers will have limited access to the management interface of SonicWall. Thus, security measures need to be implemented as advised.

SonicWall Takes Action Following Exploitation, Advices Users to Downgrade to 9.x Firmware

In response to the exploitation, SonicWall has revealed that their management and administrators will be enabling a multi-factor authentication (MFA) as a security measure for all devices. Moreover, they recommend the need to set up IP address restrictions to further protect the management interface.

MFA should be enabled on all devices in order to prevent further damage. Management interface should also be limited only to known IP address users.

As SonicWall updated their security advisory, they confirmed the zero-day vulnerability discovered in first hand by the NCC group. As they are still developing the fix to the issue, SonicWall recommends in their official security advisory to do a downgrade of their devices in order to utilize 9.x firmware. By downloading the firmware, users will be able to reset the system to prevent it from further attack.

This article is owned by Techtimes

Written by Nikki D

ⓒ 2024 TECHTIMES.com All rights reserved. Do not reproduce without permission.
Join the Discussion
Real Time Analytics