SonicWall was under Attack with Zero-day bug

Hackers attacked the manufacturer SonicWall through a 0-day vulnerability in its own VPN product.


Security hardware maker SonicWall has issued an urgent notice that hackers have infiltrated its internal systems through a zero-day vulnerability in its VPN products.


In a notice, SonicWall, which specializes in firewalls, VPN gateways and enterprise-grade network security solutions, reported that attackers exploited a previously unknown vulnerability in the Secure Mobile Access (SMA) VPN device and NetExtender VPN client to carry out a "sophisticated" attack. to its internal systems.


According to the notice, the vulnerability affects the following products:

  • NetExtender 10.x VPN client versions (2020 release) used to connect to SMA 100 devices and SonicWall firewalls;
  • Secure Mobile Access (SMA) VPN Appliance 10.x versions running on SMA 200, SMA 210, SMA 400, SMA 410 physical installations, and SMA 500v virtual installations.

The SMA is a physical device that provides VPN access to internal networks. In turn, NetExtender is a software client for connecting to compatible VPN-enabled firewalls.


Users of affected products are strongly advised to enable two-factor authentication, restrict SSL VPN connections to SMA installations to only known IP addresses from the "white" list (you can also configure it yourself) and disable access to firewalls through NetExtender or restrict only users and administrators. by adding their public IP addresses to the whitelist.


Although SonicWall does not disclose any details about the vulnerability, judging by the security measures suggested above, it can be classified as pre-authentification, that is, it allows you to remotely execute code without authorization.