You are here

SonicWall Breach

A Message from the CoPS Cybersecurity Subcommittee to IBTTA Members
Please be aware of a recent security alert for the SonicWall appliance that many of you may use.

"On Sunday, January 31, 2021, the NCC Group alerted the SonicWall Product Security Incident Response Team (PSIRT) about a potential zero-day vulnerability in the SMA 100 series. Our engineering team confirmed their submission as a critical zero-day in the SMA 100 series 10.x code,” said SonicWall in an updated statement.

This vulnerability affects both physical and virtual SMA 100 10.x devices (SMA 200, SMA 210, SMA 400, SMA 410, SMA 500v). A few thousand devices are impacted. SMA 100 firmware prior to 10.x is unaffected by this zero-day vulnerability.

SonicWall said current SMA 100 series customers may continue to use NetExtender for remote access with the SMA 100 series, as it has determined that this use case is not susceptible to exploitation. NetExtender is SonicWall’s VPN client for Windows and Linux, and allows customers to connect to SMA 100 for secure access to their company’s network.”

CoPS Cybersecurity Subcommittee suggestions,

According to SonicWall’s website, no patch has been released at this time.  SonicWall is recommending that organizations with active SMA 100 series appliances enable multi-factor authentication (2FA); for more information, click here, How can I configure Time-Based One Time Password (TOTP) in SMA 100 series? | SonicWall

Check with your IT departments and or Services Providers to determine your level of exposure.  See additional information on the breach here, https://threatpost.com/sonicwall-breach-zero-days-in-remote-access/163290/