The warning comes following a cyber-attack on the network security company last month


UPDATED A zero-day vulnerability in SonicWall enterprise security products is being actively exploited in the wild, cybersecurity firm NCC Group has warned.

Last month, network security provider SonicWall confirmed there had been a “highly sophisticated, coordinated” attack on its systems.

The company, which develops networking tools, cybersecurity products, and cloud platform solutions, said that an unknown assailant leveraged zero-day vulnerabilities in its products to gain access to its infrastructure.

Cybersecurity firm NCC Group, which has been investigating the incident, has now revealed there is a zero-day vulnerability in the company’s SMA 100 series of secure remote access devices, which is actively being exploited.


Read more of the latest zero-day vulnerability news


SonicWall wrote in a security advisory: “Our engineering team confirmed their submission as a critical zero-day in the SMA 100 series 10.x code, and are tracking it as SNWLID-2021-0001.

“SonicWall has identified the vulnerable code and is working on a patch to be available by end of day on February 2, 2021.”

Blocking access

SonicWall’s SMA series 100 series is tailored to increasingly mobile workforces by offering end-to-end secure remote access to enterprise resources hosted across on-prem, cloud, and hybrid data centers.

The vulnerability affects both physical and virtual SMA 100 10.x devices (SMA 200, SMA 210, SMA 400, SMA 410, SMA 500v), the company said.

In lieu of a patch, SonicWall advises users to cease use of the impacted products or block access via firewall rules.

If users must continue operation, the manufacturer says to enable multi-factor authentication and rest passwords for accounts running the SMA 100 series with 10.x firmware.

More details regarding a workaround can be found within the advisory.

Patch issued

SonicWall has since released a fix for the vulnerabilities which also contains additional code to “strengthen” the device, the vendor told The Daily Swig.

A statement sent to The Daily Swig reads: “All SonicWall customers with active SMA 100 series devices running 10.x code should immediately apply the patch on physical and virtual appliances.

“Organizations should read the KB article in its entirety as it outlines how to upgrade to the latest SMA 100 series 10.x firmware via MySonicWall and provides important details in post-upgrade steps.

”The SMA 100 Series devices that require a patch are; physical appliances SMA 200, SMA 210, SMA 400, and SMA 410; virtual appliances SMA 500v (Azure, AWS, ESXi, HyperV).


READ MORE German armed forces reveals encouraging start to security vulnerability disclosure program