Following a sophisticated cyberattack against its internal systems, SonicWall, a pure-play cybersecurity vendor revealed a zero-day vulnerability in its SMB-oriented remote access product called Secure Mobile Access (SMA). Only the SMA 100 Series remains vulnerable. The VPN client associated with SMA 100, NetExtender 10.X, was also said to be vulnerable earlier. But SonicWall clarified in its updated security notice that NetExtender 10.X is not susceptible to this vulnerability and can be safely used with all SonicWall products.
Affected products:
SMA 100 Series (SMA 200, SMA 210, SMA 400, SMA 410, SMA 500v) remains vulnerable. For more details, refer to the security notice.
Which SonicWall Products remain unaffected?
SonicWall later cleared up that the following products remain unaffected by the vulnerability impacting SMA 100 series. Therefore, no action is required from customers or partners regarding these products:
SMA 100 associated client "NetExtender 10.x," is not susceptible to this vulnerability and can be safely used with all SonicWall products.
All generations of SonicWall firewalls are not affected.
Customers are safe to use SMA 1000 series and their associated clients.
SonicWave Access Points is not affected.
Resolution:
As of now, no patches have been released by the vendor, but SMA 100 series administrators are advised to create specific access rules or disable Virtual Office and HTTPS administrative access from the Internet, as per SonicWall's mitigation guideline.
Vulnerability Manager Plus detects the machines in which "NetExtender 10.x" is installed and displays them in the Zero-day vulnerability section under the Threats tab. Please note that the NetExtender 10.x per se isn't vulnerable. NetExtender 10.x installations are detected only to bring to your attention that there might be chances of SMA 100 appliances deployed in your network. Users will have to manually verify whether they're running SMA 100 appliances in their network and follow the mitigation steps linked to the vulnerability.