SonicWall Product Security Notice

Summary:  

Last Friday (1/22/21), SonicWall released a statement via their blog that they had been subject to a highly sophisticated and coordinated cyber-attack that appeared to have leveraged possible zero-day vulnerabilities in certain SonicWall remote access products.

SonicWall had initially reported that the potentially impacted products were the NetExtener VPN client and the Secure Mobile Access (SMA) product. SonicWall has since updated their initial report after ruling out that the NetExtender VPN client as an impacted product.

Vertek’s Response:

Vertek does not utilize any SonicWall products, and is not at risk of this recent disclosure. While no IOCs have currently been published, Vertek is committed to providing the latest security information.  As IOCs are published, they will be added to an OTX pulse.

Affected Products and Versions:

Secure Mobile Access (SMA) 100 Series:

• Version 10.x:
  • SMA 200
  • SMA 210
  • SMA 400
  • SMA 410
  • SMA 500v

Guidance:

SonicWall has offered recommendations and guidance for those using the SMA 100 Series product line.

• Restrict access to the SMA appliance on a whitelist basis, either through a firewall or on the SMA appliance directly.
  • https://www.sonicwall.com/support/knowledge-base/how-to-restrict-access-for-netextender-mobile-connect-users-based-on-policy-for-ip-address/170502499350337/
• Enable MFA for all SonicWall SMA, Firewall, & MySonicWall Accounts.
  • https://www.sonicwall.com/support/knowledge-base/how-to-configure-two-factor-authentication-using-totp-for-https-management/190201153847934/
  • https://www.sonicwall.com/support/knowledge-base/how-do-i-configure-2fa-for-ssl-vpn-with-ldap-and-totp/190829123329169/
  • https://www.sonicwall.com/support/knowledge-base/how-can-i-configure-time-based-one-time-password-totp-in-sma-100-series/180818071301745/