SonicWall Confirms Zero-Day Vulnerability

  /     /     /  
Publicated : 23/11/2024   Category : security


SonicWall Confirms Zero-Day Vulnerability


The confirmation arrives as researchers with NCC Group detect a SonicWall zero-day flaw under active attack.



SonicWall has confirmed a zero-day vulnerability affecting its SMA 100 Series. Its disclosure arrives as NCC Group researchers report an observation of attacks exploiting a SonicWall flaw. 
On Jan. 25, the network security provider
became the latest
in a string of security vendors to disclose a cyberattack. In SonicWalls case, attackers allegedly exploited vulnerabilities in its own products to breach its internal network. While it was able to verify several tools that were not affected in the attack, an investigation into other SonicWall products was still ongoing.
One week later, SonicWall has confirmed a critical zero-day flaw affecting its SMA 100 series 10.x code. It has identified the vulnerable code and is developing a patch to be available by end of day on Feb. 2. This vulnerability affects physical and virtual SMA 100 10.x devices (SMA 200, SMA 210, SMA 400, SMA 410, and SMA 500v). SMA 100 firmware prior to 10.x is not affected.
Around the same time SonicWall disclosed the zero-day, security researchers with NCC Group
reported
on Twitter they observed indication of indiscriminate use of an exploit in the wild. The researchers have contacted SonicWall and are reportedly working to investigate the attack. 
A spokeswoman for NCC Group
confirmed
to Ars Technica that the attempted exploits target a vulnerability affecting the SonicWall SMA 100 series; however, no further details are available at this time.
SonicWall
has published more details
on the zero-day along with steps that companies can take to secure their tools before a patch arrives.

Last News

▸ Scan suggests Heartbleed patches may not have been successful. ◂
Discovered: 23/12/2024
Category: security

▸ IoT Devices on Average Have 25 Vulnerabilities ◂
Discovered: 23/12/2024
Category: security

▸ DHS-funded SWAMP scans code for bugs. ◂
Discovered: 23/12/2024
Category: security


Cyber Security Categories
Google Dorks Database
Exploits Vulnerability
Exploit Shellcodes

CVE List
Tools/Apps
News/Aarticles

Phishing Database
Deepfake Detection
Trends/Statistics & Live Infos



Tags:
SonicWall Confirms Zero-Day Vulnerability