Imminent Risk of Ransomware Attacks Exploiting Flaw in SonicWall SRA/SMA 100 Series VPN Appliances

SonicWall has issued an urgent security notice warning users of its Secure Mobile Access (SMA) 100 series and Secure Remote Access (SRA) products running end-of-life firmware about an imminent ransomware campaign using stolen credentials.

The campaign exploits a known vulnerability in 8.x firmware on the devices. SonicWall patched the vulnerability in later versions of the firmware. All users of these devices that are still running the vulnerable firmware version have been advised to update to version 9.x or 10.x of the firmware immediately.

SonicWall became aware of threat actors targeting the vulnerability in SMA 100 series and SRA products through collaboration with trusted third parties. “The affected end-of-life devices with 8.x firmware are past temporary mitigations. Continued use of this firmware or end-of-life devices is an active security risk,” explained SonicWall.

Customers using end-of-life SMA or SRA devices running the vulnerable 8.x firmware should apply the update immediately or disconnect their appliances and reset passwords. EOL devices are:

  • SRA 4600/1600 (EOL 2019)
  • SRA 4200/1200 (EOL 2016)
  • SSL-VPN 200/2000/400 (EOL 2013/2014)

SMA 400/200 is still supported in Limited Retirement Mode. Users should update to 10.2.0.7-34 or 9.0.0.10 immediately, reset passwords, and enable MFA.

All known vulnerabilities have been corrected in the latest versions of 9.x or 10.x firmware, and users of SMA 1000 series products are not affected. Users of these products should ensure they are running the most current firmware versions, implement multi-factor authentication, and apply any future firmware updates as soon as possible.

SMA 210/410/500v has not reached end of life and is actively supported but may still be running firmware versions with vulnerabilities discovered in 2021. Users running firmware 9.x should immediately update to 9.0.0.10-28sv or later and users of firmware 10.x should immediately update to 10.2.0.7-34sv or later.

Customers using end-of-life devices running the vulnerable version 8.x firmware who are not able to upgrade to 9.x or 10.x are being offered a complimentary virtual SMA 500v, which is still being supported, until October 31, 2021.
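The firmware guidance above can be applied to an appliance inventory with a short script. The following is an added example, not code from SonicWall or from this article; the inventory rows, hostnames, firmware strings other than the two fixed builds, and the status labels are constructed for illustration.

```python
import re

# Minimum fixed builds per firmware branch, taken from the article text.
MIN_FIXED = {9: ((9, 0, 0, 10), 28), 10: ((10, 2, 0, 7), 34)}
# End-of-life models named in the article.
EOL_MODELS = {"SRA 4600", "SRA 1600", "SRA 4200", "SRA 1200",
              "SSL-VPN 200", "SSL-VPN 2000", "SSL-VPN 400"}

_FW = re.compile(r"(\d+)\.(\d+)\.(\d+)\.(\d+)(?:-(\d+)(?:sv)?)?")

def parse_firmware(text):
    """Split '10.2.0.7-34sv' into ((10, 2, 0, 7), 34); build is None if absent."""
    m = _FW.fullmatch(text.strip())
    if not m:
        raise ValueError(f"unrecognised firmware string: {text!r}")
    parts = m.groups()
    return tuple(int(p) for p in parts[:4]), (int(parts[4]) if parts[4] else None)

def triage(model, firmware):
    """Return (status, is_eol_model) for one appliance."""
    version, build = parse_firmware(firmware)
    eol = model in EOL_MODELS
    major = version[0]
    if major == 8:
        return "vulnerable-8.x", eol          # upgrade, or disconnect and reset passwords
    if major not in MIN_FIXED:
        return "unknown-branch", eol          # branch not covered by the article
    min_version, min_build = MIN_FIXED[major]
    if version != min_version:
        status = "fixed" if version > min_version else "below-fixed-build"
    elif build is None:
        status = "verify-build"               # version matches, build suffix missing
    else:
        status = "fixed" if build >= min_build else "below-fixed-build"
    return status, eol

# Constructed inventory rows (hostname, model, firmware) for illustration.
INVENTORY = [
    ("vpn-a", "SRA 4600", "8.1.0.2-14sv"),
    ("vpn-b", "SMA 410", "10.2.0.5-29sv"),
    ("vpn-c", "SMA 210", "9.0.0.10-28sv"),
    ("vpn-d", "SMA 500v", "10.2.1.0-17sv"),
]

def report(rows=INVENTORY):
    """Map each hostname to its (status, is_eol_model) result."""
    return {host: triage(model, fw) for host, model, fw in rows}

if __name__ == "__main__":
    for host, (status, eol) in report().items():
        print(f"{host}: {status}{' (EOL hardware)' if eol else ''}")
```

A "fixed" result only reflects the firmware minimums stated above; password resets and MFA still apply because the campaign uses stolen credentials.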

Author: Steve Alder has many years of experience as a journalist, and comes from a background in market research. He is a specialist on legal and regulatory affairs, and has several years of experience writing about HIPAA. Steve holds a B.Sc. from the University of Liverpool.
