News Hackers attacked manufacturer SonicWall through a 0-day vulnerability in its own VPN products


al capone

The attackers exploited the vulnerability in the Secure Mobile Access VPN device and the NetExtender VPN client.
SonicWall, a manufacturer of hardware security solutions, has published an urgent notification that hackers penetrated its internal systems through a zero-day vulnerability in its own VPN products.

In its notice, SonicWall, which specializes in the production of firewalls, VPN gateways and enterprise-level network security solutions, said that attackers exploited a previously unknown vulnerability in the Secure Mobile Access (SMA) VPN device and the NetExtender VPN client to carry out a "sophisticated" attack on its internal systems.

According to the notification, the vulnerability affects the following products:

Versions of the NetExtender 10.x VPN client (2020 release) used to connect to SMA 100 series devices and SonicWall firewalls;

Versions of the Secure Mobile Access (SMA) 10.x VPN device running on physical SMA 200, SMA 210, SMA 400, SMA 410, and virtual SMA 500v installations.

An SMA is a physical device that provides access to internal networks via a VPN. In turn, NetExtender is a software client for connecting to compatible firewalls with VPN support.

Users of vulnerable products are strongly advised to enable two-factor authentication, restrict SSL-VPN connections to SMA installations to known IP addresses on the whitelist (it can also be configured independently), and disable access to firewalls via NetExtender, or restrict it to users and administrators only by adding their public IP addresses to the whitelist.

Although SonicWall does not disclose any details about the vulnerability, judging by the security measures proposed above, it may be a pre-authentication vulnerability, that is, one that allows remote code execution without authorization.
 