Zero-day vulnerability in SonicWall products actively exploited in the wild

A zero-day vulnerability in SonicWall enterprise security products is being actively exploited in the wild, cybersecurity firm NCC Group has warned.

Last month, network security provider SonicWall confirmed there had been a “highly sophisticated, coordinated” attack on its systems.

The company, which develops networking tools, cybersecurity products, and cloud platform solutions, said that an unknown assailant leveraged zero-day vulnerabilities in its products to gain access to its infrastructure.

Cybersecurity firm NCC Group, which has been investigating the incident, has now revealed there is a zero-day vulnerability in the company’s SMA 100 series of secure remote access devices, which is actively being exploited.

SonicWall wrote in a security advisory: “Our engineering team confirmed their submission as a critical zero-day in the SMA 100 series 10.x code, and are tracking it as SNWLID-2021-0001.

“SonicWall has identified the vulnerable code and is working on a patch to be available by end of day on February 2, 2021.”

Blocking access
SonicWall’s SMA series 100 series is tailored to increasingly mobile workforces by offering end-to-end secure remote access to enterprise resources hosted across on-prem, cloud, and hybrid data centers.

The vulnerability affects both physical and virtual SMA 100 10.x devices (SMA 200, SMA 210, SMA 400, SMA 410, SMA 500v), the company said.

In lieu of a patch, SonicWall advises users to cease use of the impacted products or block access via firewall rules.

If users must continue operation, the manufacturer says to enable multi-factor authentication and rest passwords for accounts running the SMA 100 series with 10.x firmware.

More details regarding a workaround can be found within the advisory.

Source: https://portswigger.net/daily-swig/zero-day-vulnerability-in-sonicwall-products-actively-exploited-in-the-wild