What started as an unconfirmed SonicWall vulnerability has now been confirmed by the Cybersecurity & Infrastructure Security Agency (CISA) as a zero-day vulnerability in the SMA 100 series 10.x code. The vulnerability affects both physical and virtual SonicWall SMA 100 10.x devices: the SMA 200, SMA 210, SMA 400, SMA 410 and SMA 500v. A patch is currently being developed and is expected to be delivered on February 3rd.
While SonicWall customers wait for the patch, SonicWall's security alert lists important steps that should be taken:
- If possible, shut down the SMA 100 device until a patch is available;
- Enable MFA;
- Reset user passwords for any accounts that use the SMA 100 series 10.x;
- If behind a firewall, block all access to the SMA on the firewall;
- SonicWall also encourages customers to protect against the vulnerability by enabling the built-in Web Application Firewall (WAF) on the SMA 100 series.
According to SonicWall, SonicWall firewalls and SMA 1000 series appliances, as well as all respective VPN clients, are unaffected and remain safe to use.