Recently, SonicWall identified a coordinated attack on its internal systems by highly sophisticated threat actors exploiting probable zero-day vulnerabilities on certain SonicWall secure remote access products. The impacted products are:
- NetExtender VPN client version 10.x (released in 2020) utilized to connect to SMA 100 series appliances and SonicWall firewalls
- Secure Mobile Access (SMA) version 10.x running on SMA 200, SMA 210, SMA 400, SMA 410 physical appliances and the SMA 500v virtual appliance
The NetExtender VPN client and SMB-oriented SMA 100 series are used for providing employees/users with remote access to internal resources. The SMA 1000 series is not susceptible to this vulnerability and utilizes clients different from NetExtender.
IMPORTANT: Organizations with active SMA 100 Series appliances or with NetExtender 10.x currently have the following options:
FOR SMA 100 SERIES
- Use a firewall to only allow SSL-VPN connections to the SMA appliance from known/whitelisted IPs
- Or configure whitelist access directly on the SMA itself
- Please reference:
FOR FIREWALLS WITH SSL-VPN ACCESS VIA NETEXTENDER VPN CLIENT VERSION 10.X
- Disable NetExtender access to the firewall(s) or restrict access to users and admins via an allow-list/whitelist for their public IPs
- Please reference:
MFA MUST BE ENABLED ON ALL SONICWALL SMA, FIREWALL & MYSONICWALL ACCOUNTS
- Please reference:
- https://www.sonicwall.com/support/knowledge-base/how-to-configure-two-factor-authentication-using-totp-for-https-management/190201153847934/
- https://www.sonicwall.com/support/knowledge-base/how-do-i-configure-2fa-for-ssl-vpn-with-ldap-and-totp/190829123329169/
- https://www.sonicwall.com/support/knowledge-base/how-can-i-configure-time-based-one-time-password-totp-in-sma-100-series/180818071301745/
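One way to confirm that the allow-list restrictions described above for the SMA 100 series and for NetExtender access are actually being enforced is to audit connection logs against the allow-list. This is an added example, not SonicWall or CSIRT-CY code; the log format, the port set, and the addresses are constructed assumptions to be replaced with your own export format and known public IPs.

```python
import ipaddress

# Constructed allow-list (documentation ranges); replace with your known public IPs.
ALLOWED = ["198.51.100.0/24", "203.0.113.10/32"]

# Assumption: the ports your SSL-VPN service listens on.
SSLVPN_PORTS = {443, 4433}

# Constructed log lines in a hypothetical "timestamp key=value ..." format.
SAMPLE_LOG = """\
2021-01-25T08:01:12Z src=198.51.100.23 dst_port=443 action=allow
2021-01-25T08:03:40Z src=192.0.2.77 dst_port=443 action=allow
2021-01-25T08:04:02Z src=192.0.2.77 dst_port=443 action=deny
2021-01-25T08:05:19Z src=203.0.113.10 dst_port=4433 action=allow
2021-01-25T08:06:55Z src=not-an-ip dst_port=443 action=allow
2021-01-25T08:07:30Z src=203.0.113.11 dst_port=4433 action=allow
2021-01-25T08:08:00Z src=192.0.2.5 dst_port=22 action=allow
"""


def parse_line(line):
    """Split one log line into (timestamp, {key: value})."""
    parts = line.split()
    fields = dict(p.split("=", 1) for p in parts[1:] if "=" in p)
    return parts[0], fields


def audit(log_text, allowed_cidrs, ports=SSLVPN_PORTS):
    """Return (violations, malformed).

    violations: accepted SSL-VPN connections whose source is outside the allow-list.
    malformed:  lines that could not be parsed; review these by hand, do not ignore them.
    """
    nets = [ipaddress.ip_network(c) for c in allowed_cidrs]
    violations, malformed = [], []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, fields = parse_line(line)
        try:
            src = ipaddress.ip_address(fields["src"])
            port = int(fields["dst_port"])
        except (KeyError, ValueError):
            malformed.append(line)
            continue
        # Only accepted connections to the SSL-VPN ports matter for this check.
        if port not in ports or fields.get("action") != "allow":
            continue
        if not any(src in net for net in nets):
            violations.append((ts, str(src), port))
    return violations, malformed
```

Any entry in `violations` means the allow-list is not being applied on the path that log covers, for example a second interface or rule that still exposes the service.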
The information is gathered from SonicWall.