Bose Work Remote Promo
Bose Work Remote Mobile Promo
Take Our Survey on Your IoT/Collaboration Plans & You Could Win a 60" 4K UHD Display!
  • Skip to primary navigation
  • Skip to main content
  • Skip to primary sidebar
  • Skip to footer

My TechDecisions

  • COVID-19 Update
  • Best of Tech Decisions
  • Topics
    • Video
    • Audio
    • Mobility
    • Unified Communications
    • IT Infrastructure
    • Network Security
    • Physical Security
    • Facility
    • Compliance
  • RFP Resources
  • Downloads
  • Podcasts
  • Subscribe
  • Project of the Week
  • About Us
    SEARCH
IT Infrastructure, Network Security, News

SonicWall Issues Patch For Zero-Day Vulnerability

SonicWall has issued a patch for products affected by a zero-day vulnerability that could allow a remote-code execution attack.

February 4, 2021 Zachary Comeau Leave a Comment

SonicWall Vulnerability Patch

Just days after disclosing that a highly skilled cyber attacker had exploited zero-day vulnerabilities in some of its secure remote access products, SonicWall has issued a patch for the affected products.

The firewall and cybersecurity company is urging users of the SMA 100 series 10.X firmware to update immediately to patch a zero-day vulnerability on SMA 100 series 10.x code.

This comes about a week after the vulnerabilities were disclosed on several versions of the company’s Secure Mobile Access (SMA) series of gateway products.

Exploits included the possibility to gain admin credential access and a subsequent remote-code execution attack, according to SonicWall.

“All SMA 100 series users must apply this patch IMMEDIATELY to avoid potential exploitation,” reads a message on the company’s website.

Affected SMA devices with the 10.x firmware that require the patch include physical appliances like the SMA 200, SMA 210, SMA 400 and SMA 410. Virtual appliances that need patching include SMA 500v (Azure, AWS, ESXi, HyperV).

Last week, the company said in a series of posts on its website that it identified a coordinated attack on its internal systems by sophisticated cyber actors via probably zero-day vulnerabilities.

“SonicWall provides cybersecurity products, services and solutions designed to help keep organizations safe from increasingly sophisticated cyber threats,” the company said in a post last week.

“As the front line of cyber defense, we have seen a dramatic surge in cyberattacks on governments and businesses, specifically on firms that provide critical infrastructure and security controls to those organizations.”

On Wednesday, the company said it isn’t yet aware of forensic data that can determine if a user’s device was attacked.

According to SonicWall, vulnerable virtual SMA 100 series 10.x images have been pulled from AWS and Azure marketplaces and updated images will be re-submitted as soon as possible.

The approval process is expected to take several weeks. For now, customers in Azure and AWS can update via incremental updates.

How to update and patch the vulnerability

Customers can download the update on the company’s website, regardless of the status of their support or service contract. Instructions on how to update the SMA 100 10.x series are in this KB article for physical appliances and this KB article for virtual devices.

After downloading, users should reset passwords for any users who may have logged in to the device via the web interface.

Then, users should enable multifactor authentication.

If a customer is unable to immediately patch, they can enable the built-in Web Application Firewall features to mitigate the vulnerability in SNWLID-2021-0001 on SMA 100 series 10.x devices. SonicWall is adding 60 days free of WAF enablement to all registered SMA 100 series devices with 10.x code.

However, users should still apply the patch when they can.

Tagged With: Cybersecurity, SonicWal

Related Content:

  • Industrial IoT, IBM Siemens MindSphere IBM, Siemens Bring The Hybrid Cloud To Industrial…
  • Google Vulnerability Researchers Donald Trump, and 15,000 Others, Just Got Hacked…
  • Zoom Hybrid Work Zoom Banks On Its Education Customers, Apps, Zoom…
  • Intelligent Assistant Regional Accent Alexa Amazon’s Alexa Conversations Makes Chatbots More Realistic

Free downloadable guide you may like:

  • Introducing the IT Pro MBA: Vetting Technology

    At some point in your career there is going to come a time when you are tasked with reviewing and vetting new tech to implement into your company. Sometimes the hardest part of the whole thing is just getting started. In this new series from My TechDecisions, the IT Pro MBA: Vetting Technology guide deep-dives […]

Reader Interactions

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Get the FREE Tech Decisions eNewsletter

Sign up Today!

Latest Downloads

Introducing the IT Pro MBA: Vetting Technology

At some point in your career there is going to come a time when you are tasked with reviewing and vetting new tech to implement into your company. ...

9 Technology Products to Help Combat COVID-19 Spread in the Workplace

As the Coronavirus continues on and leads us further into uncertainty, the question remains, “when do we return to the office?” For some the answer...

Top 9 Reasons Enterprise IT Leaders Are Moving Their Video Surveillance to the Eagle Eye Cloud

Working in IT has enough challenges without adding in the complications of surveillance video. Things like total cost of maintenance, how the VMA m...

View All Downloads

Would you like your latest project featured on TechDecisions as Project of the Week?

Apply Today!
Sharp Microsoft Collaboration HQ Logo

Learn More About the
Windows Collaboration Display

More from Our Sister Publications

Get the latest news about AV integrators and Security installers from our sister publications:

Commercial IntegratorSecurity Sales

Footer

TechDecisions

  • Home
  • Welcome to TechDecisions
  • Subscribe to the Newsletter
  • Contact Us
  • Media Solutions & Advertising
  • Comment Guidelines
  • RSS Feeds
  • Terms of Use
  • Privacy Policy
  • Twitter
  • Facebook
  • Linkedin

Free Technology Guides

FREE Downloadable resources from TechDecisions provide timely insight into the issues that IT, A/V, and Security end-users, managers, and decision makers are facing in commercial, corporate, education, institutional, and other vertical markets

View all Guides
TD Project of the Week

Get your latest project featured on TechDecisions Project of the Week. Submit your work once and it will be eligible for all upcoming weeks.

Enter Today!

© 2021 Emerald X, LLC. All rights reserved.