Just days after disclosing that a highly skilled cyber attacker had exploited zero-day vulnerabilities in some of its secure remote access products, SonicWall has issued a patch for the affected products.
The firewall and cybersecurity company is urging users of the SMA 100 series 10.x firmware to update immediately to patch a zero-day vulnerability in that code.
This comes about a week after the vulnerabilities were disclosed on several versions of the company’s Secure Mobile Access (SMA) series of gateway products.
Exploitation could allow an attacker to gain access to admin credentials and then carry out a remote code execution attack, according to SonicWall.
“All SMA 100 series users must apply this patch IMMEDIATELY to avoid potential exploitation,” reads a message on the company’s website.
Affected SMA devices with the 10.x firmware that require the patch include physical appliances like the SMA 200, SMA 210, SMA 400 and SMA 410. Virtual appliances that need patching include SMA 500v (Azure, AWS, ESXi, HyperV).
Last week, the company said in a series of posts on its website that it had identified a coordinated attack on its internal systems by sophisticated cyber actors via probable zero-day vulnerabilities.
“SonicWall provides cybersecurity products, services and solutions designed to help keep organizations safe from increasingly sophisticated cyber threats,” the company said in a post last week.
“As the front line of cyber defense, we have seen a dramatic surge in cyberattacks on governments and businesses, specifically on firms that provide critical infrastructure and security controls to those organizations.”
On Wednesday, the company said it isn’t yet aware of forensic data that can determine if a user’s device was attacked.
According to SonicWall, vulnerable virtual SMA 100 series 10.x images have been pulled from the AWS and Azure marketplaces, and updated images will be re-submitted as soon as possible.
The approval process is expected to take several weeks. For now, customers in Azure and AWS can update via incremental updates.
How to update and patch the vulnerability
Customers can download the update on the company’s website, regardless of the status of their support or service contract. Instructions on how to update the SMA 100 10.x series are in this KB article for physical appliances and this KB article for virtual devices.
After downloading, users should reset passwords for any users who may have logged in to the device via the web interface.
Then, users should enable multifactor authentication.
If a customer is unable to patch immediately, they can enable the built-in Web Application Firewall (WAF) features to mitigate the vulnerability in SNWLID-2021-0001 on SMA 100 series 10.x devices. SonicWall is adding 60 days of free WAF enablement to all registered SMA 100 series devices with 10.x code.
However, users should still apply the patch when they can.