SonicWall Zero-Day Vulnerability Is Being Exploited in the Wild

The Sonicwall Zero day Attack. NCC Group recently reported that an active zero-day SonicWall SMA 100 zero-day vulnerability being exploited in the wild. Sonicwall commented that it affects the SMA 100 series (SMA 200, SMA 210, SMA 400, SMA 410, SMA 500v) line of remote access appliances. However, both companies did not provide any further information to mitigate the risk of unintentionally disclosing attack vectors. SonicWall is yet to release a fix as of yet for its affected product, which expected by Tuesday’s end. The company has tracked this vulnerability as SNWLID-2021-0001. A vulnerability management tool can remediate this vulnerability.

Last week SonicWall reported a coordinated attack on its internal systems by highly sophisticated threat actors. According to reports, only SMA 100 Series affected, and SonicWall Firewalls, NetExtender VPN Client, and SMA 1000 Series remain unaffected, and customers need not take any actions. However, a patch management solution can patch these vulnerabilities. The company stated that customers may continue NetExtender for remote access with the SMA 100 series.

Physical and virtual SMA 100 10.x devices (SMA 200, SMA 210, SMA 400, SMA 410, SMA 500v).

SonicWall has advised that multi-factor authentication (MFA) enabled on all SonicWall SMA, Firewall & MySonicWall Accounts. SonicWall released the following note:

SanerNow software deployment capability used to install executables/scripts.