SonicWall Issues and Retracts Alert of Hackers Exploiting Zero-Day Vulnerability Within SonicWall VPN

January 26, 2021

SonicWall, a company providing firewalls and other cybersecurity solutions, issued an alert indicating that it had found a probable zero-day vulnerability with its SMA 100 series products on Jan. 22, 2021. A zero-day vulnerability is a software security threat that is discovered at the same time it is noticed that hackers have already executed an attack.

SonicWall is continuing to investigate the potential vulnerability. However, organizations that use SMA 100 series appliances should take the steps below to mitigate potential risk:

1. Immediately enable two-factor authentication on SMA 100 series appliances if not already in place.
2. Enable Geo-IP/botnet filtering and create a policy blocking web traffic from countries that do not need to access your applications.
3. Enable and configure End Point Control to verify a user’s device before establishing a connection.
4. Restrict access to the portal by enabling Scheduled Logins/Logoffs.

According to SonicWall, the following products were not impacted, and no action is required by customers or partners:

• SonicWall Firewall
• NetExtender VPN
• SonicWave APs
• SMA 1000 Series
• SonicWave Access Points

Fairview Cyber will continue to monitor updates to this event as the SonicWall investigation evolves.