SonicWall SMA 100 zero day vulnerability - details and mitigation steps


Following a sophisticated cyberattack against its internal systems, SonicWall, a pure-play cybersecurity vendor, revealed a zero-day vulnerability in its SMB-oriented remote access product, Secure Mobile Access (SMA). Only the SMA 100 Series remains vulnerable. NetExtender 10.x, the VPN client associated with SMA 100, was earlier said to be vulnerable as well, but SonicWall clarified in its updated security notice that NetExtender 10.x is not susceptible to this vulnerability and can be safely used with all SonicWall products.

 

Affected products:

The SMA 100 Series (SMA 200, SMA 210, SMA 400, SMA 410, SMA 500v) remains vulnerable. For more details, refer to the security notice.

 

Which SonicWall Products remain unaffected?

SonicWall later clarified that the following products are unaffected by the vulnerability impacting the SMA 100 series. Therefore, no action is required from customers or partners regarding these products:

 

  • The SMA 100 associated client, "NetExtender 10.x", is not susceptible to this vulnerability and can be safely used with all SonicWall products.

  • SonicWall firewalls of all generations are not affected.

  • Customers are safe to use the SMA 1000 series and its associated clients.

  • SonicWave Access Points are not affected.

 

Resolution:

As of now, no patches have been released by the vendor, but SMA 100 series administrators are advised to create specific access rules or disable Virtual Office and HTTPS administrative access from the Internet, as per SonicWall's mitigation guideline.

 

Note: The following steps are applicable only for customers with an active subscription to the endpoint security add-on or the vulnerability management add-on.  

The systems on which "NetExtender 10.x" is installed are displayed in the Zero-day vulnerability section under the Threats and patches tab in the web console. Please note that NetExtender 10.x itself isn't vulnerable. NetExtender 10.x installations are detected only to bring to your attention that there might be SMA 100 appliances deployed in your network. Users will have to manually verify whether they're running SMA 100 appliances in their network and follow the mitigation steps linked to the vulnerability.


Cheers,
The ManageEngine team

 


