SonicWall SMA 100 zero day vulnerability - details and mitigation steps

SonicWall SMA 100 zero day vulnerability - details and mitigation steps

Following a sophisticated cyberattack against its internal systems, SonicWall, a pure-play cybersecurity vendor revealed a zero-day vulnerability in its SMB-oriented remote access product called Secure Mobile Access (SMA). Only the SMA 100 Series remains vulnerable. The VPN client associated with SMA 100, NetExtender 10.X, was also said to be vulnerable earlier. But SonicWall clarified in its updated security notice that NetExtender 10.X is not susceptible to this vulnerability and can be safely used with all SonicWall products.

 

Affected products:

SMA 100 Series (SMA 200, SMA 210, SMA 400, SMA 410, SMA 500v) remains vulnerable. For more details,  refer to the security notice.

 

Which SonicWall Products remain unaffected?

SonicWall later cleared up that the following products remain unaffected by the vulnerability impacting SMA 100 series. Therefore, no action is required from customers or partners regarding these products: 

 

  • SMA 100 associated client "NetExtender 10.x," is not susceptible to this vulnerability and can be safely used with all SonicWall products.

  • All generations of SonicWall firewalls are not affected.

  • Customers are safe to use SMA 1000 series and their associated clients. 

  • SonicWave Access Points is not affected. 

 

Resolution:

As of now, no patches have been released by the vendor, but SMA 100 series administrators are advised to create specific access rules or disable Virtual Office and HTTPS administrative access from the Internet, as per SonicWall's mitigation guideline.


Cheers,
The ManageEngine team