The Hacker News Logo
Subscribe to Newsletter
CrowdSec

The Hacker News - Cybersecurity News and Analysis: Sonicwall

SonicWall Issues Patches for a New Critical Flaw in SMA 100 Series Devices

SonicWall Issues Patches for a New Critical Flaw in SMA 100 Series Devices
September 24, 2021Ravie Lakshmanan
Network security company SonicWall has addressed a critical security vulnerability affecting its Secure Mobile Access (SMA) 100 series appliances that can permit remote, unauthenticated attackers to gain administrator access on targeted devices remotely. Tracked as  CVE-2021-20034 , the arbitrary file deletion flaw is rated 9.1 out of a maximum of 10 on the CVSS scoring system, and could allow an adversary to bypass path traversal checks and delete any file, causing the devices to reboot to factory default settings. "The vulnerability is due to an improper limitation of a file path to a restricted directory potentially leading to arbitrary file deletion as 'nobody,'" the San Jose-based firm  noted  in an advisory published Thursday. "There is no evidence that this vulnerability is being exploited in the wild." SonicWall credited Wenxu Yin of Alpha Lab, Qihoo 360, with reporting the security shortcoming, which impacts SMA 100 Series — SMA 200, SMA 210,

Ransomware Attacks Targeting Unpatched EOL SonicWall SMA 100 VPN Appliances

Ransomware Attacks Targeting Unpatched EOL SonicWall SMA 100 VPN Appliances
July 15, 2021Ravie Lakshmanan
Networking equipment maker SonicWall is alerting customers of an "imminent" ransomware campaign targeting its Secure Mobile Access (SMA) 100 series and Secure Remote Access (SRA) products running unpatched and end-of-life 8.x firmware. The warning comes more than a month after reports emerged that remote access vulnerabilities in SonicWall SRA 4600 VPN appliances ( CVE-2019-7481 ) are being exploited as an initial access vector for ransomware attacks to breach corporate networks worldwide. "SonicWall has been made aware of threat actors actively targeting Secure Mobile Access (SMA) 100 series and Secure Remote Access (SRA) products running unpatched and end-of-life (EOL) 8.x firmware in an imminent ransomware campaign using stolen credentials," the company  said . "The exploitation targets a known vulnerability that has been patched in newer versions of firmware." SMA 1000 series products are not affected by the flaw, SonicWall noted, urging businesse

SonicWall Left a VPN Flaw Partially Unpatched Amidst 0-Day Attacks

SonicWall Left a VPN Flaw Partially Unpatched Amidst 0-Day Attacks
June 22, 2021Ravie Lakshmanan
A critical vulnerability in SonicWall VPN appliances that was believed to have been patched last year has been now found to be "botched," with the company leaving a memory leak flaw unaddressed, until now, that could permit a remote attacker to gain access to sensitive information. The shortcoming was rectified in an update rolled out to SonicOS on June 22.  Tracked as  CVE-2021-20019  (CVSS score: 5.3), the vulnerability is the consequence of a memory leak when sending a specially-crafted unauthenticated HTTP request, culminating in information disclosure. It's worth noting that SonicWall's decision to hold back the patch comes amid  multiple   zero-day   disclosures  affecting its remote access VPN and email security products that have been exploited in a series of in-the-wild attacks to deploy backdoors and a new strain of ransomware called FIVEHANDS. Howevere, there is no evidence that the flaw is being exploited in the wild. Memory Dump PoC "SonicWal

3 Zero-Day Exploits Hit SonicWall Enterprise Email Security Appliances

3 Zero-Day Exploits Hit SonicWall Enterprise Email Security Appliances
April 20, 2021Ravie Lakshmanan
SonicWall has addressed three critical security vulnerabilities in its hosted and on-premises email security (ES) product that are being actively exploited in the wild. Tracked as CVE-2021-20021 and CVE-2021-20022, the  flaws  were discovered and reported to the company by FireEye's Mandiant subsidiary on March 26, 2021, after the cybersecurity firm detected post-exploitation web shell activity on an internet-accessible system within a customer's environment that had SonicWall's ES application running on a Windows Server 2012 installation. A third flaw (CVE-2021-20023) identified by FireEye was disclosed to SonicWall on April 6, 2021. FireEye is tracking the malicious activity under the moniker UNC2682. "These vulnerabilities were executed in conjunction to obtain administrative access and code execution on a SonicWall ES device," researchers Josh Fleischer, Chris DiGiamo, and Alex Pennino  said . The adversary leveraged these vulnerabilities, with intimate

Hackers Exploiting Critical Zero-Day Bug in SonicWall SMA 100 Devices

Hackers Exploiting Critical Zero-Day Bug in SonicWall SMA 100 Devices
February 01, 2021Ravie Lakshmanan
SonicWall on Monday warned of active exploitation attempts against a zero-day vulnerability in its Secure Mobile Access (SMA) 100 series devices. The flaw, which affects both physical and virtual SMA 100 10.x devices (SMA 200, SMA 210, SMA 400, SMA 410, SMA 500v), came to light after the NCC Group on Sunday  alerted  it had detected "indiscriminate use of an exploit in the wild." Details of the exploit have not been disclosed to prevent the zero-day from being misused further, but a patch is expected to be available by the end of day on February 2, 2021. "A few thousand devices are impacted," SonicWall  said  in a statement, adding, "SMA 100 firmware prior to 10.x is unaffected by this zero-day vulnerability." On January 22, The Hacker News exclusively  revealed  that SonicWall had been breached as a consequence of a coordinated attack on its internal systems by exploiting "probable zero-day vulnerabilities" in its SMA 100 series remote acc

Exclusive: SonicWall Hacked Using 0-Day Bugs In Its Own VPN Product

Exclusive: SonicWall Hacked Using 0-Day Bugs In Its Own VPN Product
January 22, 2021Ravie Lakshmanan
SonicWall, a popular internet security provider of firewall and VPN products, on late Friday disclosed that it fell victim to a coordinated attack on its internal systems. The San Jose-based company said the attacks leveraged zero-day vulnerabilities in SonicWall secure remote access products such as NetExtender VPN client version 10.x and Secure Mobile Access ( SMA ) that are used to provide users with remote access to internal resources. "Recently, SonicWall identified a coordinated attack on its internal systems by highly sophisticated threat actors exploiting probable zero-day vulnerabilities on certain SonicWall secure remote access products," the company exclusively told The Hacker News. The development comes after The Hacker News received reports that SonicWall's internal systems went down earlier this week on Tuesday and that the source code hosted on the company's GitLab repository was accessed by the attackers. SonicWall wouldn't confirm the re
Online Courses and Software

Sign up for cybersecurity newsletter and get latest news updates delivered straight to your inbox daily.