Cybersecurity company SonicWall has recently encountered a zero-day attack on its systems through a bug exploit, Bleeping Computer reported. The attackers used the company's own virtual private network (VPN) products to access its internal systems.
The firm, which manufactures hardware firewall systems, VPN gateways, and network security options, issued an urgent advisory notifying clients that hackers have accessed its systems through a flaw in its product offerings.
The products in question are the Secure Mobile Access (SMA) VPN device and its NetExtender VPN client. The attack is described as “sophisticated.” No further information about the vulnerabilities was released by the firm.
However, Bleeping Computer noted that “based on the mitigation steps, they appear to be pre-auth vulnerabilities that can be remotely exploited on publicly accessible devices.”
The notice reads, “Recently, SonicWall identified a coordinated attack on its internal systems by highly sophisticated threat actors exploiting probable zero-day vulnerabilities on certain SonicWall secure remote access products.”
The company immediately conducted an investigation to track the devices affected by this incident. According to its report, the NetExtender VPN client version 10.x for SMA 100 series and SonicWall firewalls were affected but were fixed.
SMA version 10.x on SMA 200, 210, 400, and 410 appliances and the 500v virtual appliance also became vulnerable. The company is still investigating the vulnerability of the SMA 100 series.
Meanwhile, SonicWall firewalls, NetExtender VPN Client, SMA 1000 Series, and SonicWall SonicWave APs are not susceptible to the hack.
A report by SC Media noted that users of these services can continue using them. The company said, “We have determined that this use case is not susceptible to exploitation.”
While the company did not release details of the issue, Bleeping Computer was contacted by a party claiming to have info about a zero-day in an unnamed firewall vendor. The report noted that it is not clear whether this tip is related to SonicWall.
According to the threat actor, “I have information about a hacking of a well-known firewall vendor and other security products by this they are silent and do not release press releases for their clients who are under attack due to several zero-days.”
The email also noted that “very large companies are vulnerable technology companies.” When Bleeping Computer prodded for more info, the party did not respond.
VPN flaws have long been among the avenues most often exploited by hackers seeking unauthorized access to an organization’s internal network.