They also do not reveal any information about the nature of the breach and how their network was affected. These platforms are used by enterprise environments to secure access to their internal networks, so any unreported and unpremeditated vulnerabilities represent a significant security risk for any enterprise that utilizes their products. The statement released by SonicWall does not offer a detailed account of the breach or the vulnerability, however they do state that they believe the attackers utilized zero-day vulnerabilities for their NetExtender VPN Client and Secure Mobile Access platforms. Technical Detail & Additional Information WHAT IS THE THREAT? SonicWall has released a statement regarding their investigation into a “coordinated” attack against their internal network that they believe made use of zero-day vulnerabilities in their remote access point products. We have determined that this use case is not susceptible to exploitation.” Threat Update Current SMA 100 Series customers may continue to use NetExtender for remote access with the SMA 100 series. No action is required from customers or partners. It may be used with all SonicWall products. *Update 1/25: From SonicWall, “While we previously communicated NetExtender 10.X as potentially having a zero-day, that has now been ruled out. ![]() ![]() Cybersecurity Threat Advisory 0003-21: SonicWall NetExtender VPN Client and SMA 100 Zero-Day
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |