Cybersecurity solutions provider SonicWall has warned customers that a zero-day vulnerability has been found affecting several of its VPN products. The flaw is already being exploited by unknown threat actors.
“We believe it is extremely important to be transparent with our customers, our partners and the broader cybersecurity community about the ongoing attacks on global business and government,” an urgent SonicWall security advisory read. “Recently, SonicWall identified a coordinated attack on its internal systems by highly sophisticated threat actors exploiting probable zero-day vulnerabilities on certain SonicWall secure remote access products.”
SonicWall has confirmed two impacted products so far: NetExtender VPN client version 10.x (released in 2020), and Secure Mobile Access (SMA) version 10.x running on SMA 200, SMA 210, SMA 400, SMA 410 physical appliances and the SMA 500v virtual appliance.
In addition to the affected products listed, SonicWall has indicated that it is still investigating whether the SMA 100 Series is at risk from the VPN vulnerability. The company can confirm, however, that all generations of SonicWall firewalls are safe to use, and that the NetExtender VPN Client, the SMA 1000 Series, the SonicWall SonicWave APs also remain unaffected.
SonicWall has also listed a number of mitigation strategies that customers can employ to protect themselves against the recently discovered zero-day. This includes enabling multi-factor authentication on impacted devices and restricting access to whitelisted IP addresses.
With VPN usage on the rise, even before the COVID-19 pandemic forced more employees to work remotely, cyberattackers have begun expending their efforts to hack popular VPN solutions. In addition to the SonicWall flaw, security issues have recently been found affecting devices made by Zyxel and SaferVPN.
- We’ve also put together a list of the best VPN solutions available