IT security company SonicWall says a “sophisticated threat actor” has exploited zero-day vulnerabilities on some of its secure remote access products.
In a series of posts on its website, the company said it identified a coordinated attack on its internal systems by sophisticated cyber actors via probable zero-day vulnerabilities on certain products. Those impacted products include several versions of its Secure Mobile Access (SMA) series of gateway products.
Products affected are the SMA version 10.x running on SMA 200, SMA 210, SMA 400, SMA 410 physical appliances and the SMA 500v virtual appliance, the company first said on Jan. 22.
A day later, the company updated the notice, saying that no generation of SonicWall firewalls is affected by the vulnerability that impacts the SMA 100 series.
The company also said NetExtender 10.x – which it had previously identified as having a zero-day – has been ruled out.
“It may be used with all SonicWall products,” the company’s advisory states. “No action is required from customers or partners.”
Further, the company’s SMA 1000 series is not affected, and customers are safe to use the SMA 1000 series and their associated clients.
Customers can continue to use NetExtender for remote access with the SMA 100 series, but SMA 100 series administrators are advised to create specific access rules while the company continues to investigate the vulnerability. SonicWave Access Points are also not affected.
The company continues to investigate the SMA 100 series, but the products may still be used safely in common deployment use cases. For more details and steps on further mitigation, visit the company’s support page.
The company says it is in everyone’s best interest – customers, channel partners and the tech community at large – to be transparent about ongoing attacks.
“SonicWall provides cybersecurity products, services and solutions designed to help keep organizations safe from increasingly sophisticated cyber threats,” the company says.
“As the front line of cyber defense, we have seen a dramatic surge in cyberattacks on governments and businesses, specifically on firms that provide critical infrastructure and security controls to those organizations.”
SonicWall’s disclosure comes as the tech community continues to realize the impact of the SolarWinds breach. Microsoft, FireEye and several other notable tech and cybersecurity companies have fallen victim to the hack, along with some U.S. government agencies.
However, it’s unclear if SonicWall’s breach is related to those attacks.