Monday, February 22, 02:34
Home security SonicWall: Violated via zero-day vulnerability in its VPN products

SonicWall: Violated via zero-day vulnerability in its VPN products

Η Sonicall warns them customers on about exploiting a zero-day vulnerability in its VPN products, by cybercriminals. According to the warning, criminals use it vulnerability to attack the interior systems the company's.

SonicWall: Violated via zero-day vulnerability in its VPN products

SonicWall is known for its construction firewall, VPN gateways and for providing network security solutions.

On Friday night, SonicWall published one urgent warning, in which he said that criminals used a zero-day vulnerability in the device Secure Mobile Access (SMA) VPN and NetExtender VPN client for internal contamination systems.

zero-day VPN
SonicWall: Violated via zero-day vulnerability in its VPN products

SonicWall has started research to find which ones Appliances affected by this vulnerability. At the moment, we know the following:

Vulnerable devices:

  • NetExtender VPN client version 10.x (released in 2020)
  • Secure Mobile Access (SMA) version 10.x running on SMA 200, SMA 210, SMA 400, SMA 410 physical devices and virtual SMA 500v

Not affected:

  • SonicWall Firewalls
  • NetExtender VPN Client
  • SMA 1000 Series
  • SοnicWall SonicWave APs

For unaffected devices, the customers and partners do not need to take any action.

Also under investigation:

SMA 100 Series

SonicWall suggests its customers to enable Multi-Factor Authentication (MFA) on Appliances affected by zero-day vulnerability and restrict access to devices.

Multi-factor authentication (MFA) must be enabled on all SonicWall SMA, firewalls and Mysonicwall accounts.

  • https://www.sonicwall.com/support/knowledge-base/how-to-configure-two-factor-authentication-using-totp-for-https-management/190201153847934/
  • https://www.sonicwall.com/support/knowledge-base/how-do-i-configure-2fa-for-ssl-vpn-with-ldap-and-totp/190829123329169/
  • https://www.sonicwall.com/support/knowledge-base/how-can-i-configure-time-based-one-time-password-totp-in-sma-100-series/180818071301745/
Sonicall
SonicWall: Violated via zero-day vulnerability in its VPN products

So far, SocialWall has not provided details on the zero-day vulnerability.

VPN vulnerabilities are often used by criminals to obtain access and infringement of a company's internal systems.

Source: Bleeping Computer

LEAVE ANSWER

Please enter your comment!
Please enter your name here

Digital Fortress
Digital Fortresshttps://www.secnews.gr
Pursue Your Dreams & Live!

LIVE NEWS

How to make a Facetime Audio call

Tired of low quality cell phone calls? Thanks to FaceTime, you can make high-resolution calls if you use iPhone, iPad, ...

How to add special effects to Instagram messages

Did you know that you can make instant Instagram messages more impressive? Like any other Instagram feature, you can add special ...

Only 270 addresses are responsible for 55% of all money laundering

Cybercriminals who keep their money in cryptocurrencies tend to "launder" money through a small set of online services, according to ...

Twitter: Voice messages are coming! How do we send them?

Twitter will soon support voice messages in both iOS and Android applications. This means that you will be able to send ...

How to connect a Bluetooth headset to a Nintendo Switch

The Nintendo Switch has a headphone jack. However, most headphones have become wireless so you will need a way to connect them ...

How to hide your phone number in Telegram

If you wish to create a Telegram account, you must provide your telephone number. In this way, Telegram validates the ...

Google Assistant: How can you delete your recordings?

Google Assistant can make your daily life much easier. However, it also involves some privacy issues, as ...

Microsoft: Office 2021 / Office LTSC coming in the second half of 2021

Microsoft announced that the Microsoft Office Long Term Service Channel (LTSC) and Office 2021 will be released in 2021, for ...

How to quickly create QR codes with Bing

If you ever need to create a QR code, but you do not know how, Microsoft has an easy-to-use tool available in any program ...

Brave: Onion addresses leaked to DNS traffic

The Tor function included in the Brave web browser, allows users to access .onion dark web domains within ...