al capone
Advanced
- Joined
- 13.09.20
- Messages
- 159
- Reaction score
- 2,106
- Points
- 93
The attackers exploited the vulnerability in the Secure Mobile Access VPN device and the NetExtender VPN client.
The manufacturer of hardware security solutions SonicWall has published an urgent notification about the penetration of hackers into its internal systems through a zero-day vulnerability in its own VPN products.
In its notice, SonicWall, which specializes in the production of firewalls, VPN gateways and enterprise-level network security solutions, said that attackers exploited a previously unknown vulnerability in the Secure Mobile Access (SMA) VPN device and the NetExtender VPN client to carry out a" sophisticated " attack on its internal systems.
According to the notification, the vulnerability affects the following products:
Versions of the NetExtender 10.x VPN client (2020 release) used to connect to SMA 100 series devices and SonicWall firewalls;
Versions of the Secure Mobile Access (SMA) 10.x VPN device running on physical SMA 200, SMA 210, SMA 400, SMA 410, and virtual SMA 500v installations.
An SMA is a physical device that provides access to internal networks via a VPN. In turn, NetExtender is a software client for connecting to compatible firewalls with VPN support.
Users of vulnerable products are strongly advised to enable two-factor authentication, restrict SSL-VPN connections to SMA installations only to known IP addresses from the "white" list (it can also be configured independently), and disable access to firewalls via NetExtender, or restrict only users and administrators by adding their public IP addresses to the white list.
Although SonicWall does not disclose any details about the vulnerability, judging by the security measures proposed above, it may belong to the category of pre-authentication, that is, it allows you to remotely execute code without authorization.
The manufacturer of hardware security solutions SonicWall has published an urgent notification about the penetration of hackers into its internal systems through a zero-day vulnerability in its own VPN products.
In its notice, SonicWall, which specializes in the production of firewalls, VPN gateways and enterprise-level network security solutions, said that attackers exploited a previously unknown vulnerability in the Secure Mobile Access (SMA) VPN device and the NetExtender VPN client to carry out a" sophisticated " attack on its internal systems.
According to the notification, the vulnerability affects the following products:
Versions of the NetExtender 10.x VPN client (2020 release) used to connect to SMA 100 series devices and SonicWall firewalls;
Versions of the Secure Mobile Access (SMA) 10.x VPN device running on physical SMA 200, SMA 210, SMA 400, SMA 410, and virtual SMA 500v installations.
An SMA is a physical device that provides access to internal networks via a VPN. In turn, NetExtender is a software client for connecting to compatible firewalls with VPN support.
Users of vulnerable products are strongly advised to enable two-factor authentication, restrict SSL-VPN connections to SMA installations only to known IP addresses from the "white" list (it can also be configured independently), and disable access to firewalls via NetExtender, or restrict only users and administrators by adding their public IP addresses to the white list.
Although SonicWall does not disclose any details about the vulnerability, judging by the security measures proposed above, it may belong to the category of pre-authentication, that is, it allows you to remotely execute code without authorization.