SonicWall has issued an urgent warning for users of its Secure Mobile Access (SMA) 100 series and Secure Remote Access (SRA) products running 8.x firmware.
SonicWall has learned of threat actors targeting a known vulnerability in the firmware using stolen credentials. SonicWall explained in its alert that ransomware attacks are imminent and urgent action must be taken to prevent exploitation of the flaw.
SonicWall has corrected the vulnerability in later versions of the firmware. All users of SMA 100 series and SRA devices running the vulnerable firmware version have been told to either update to version 9.x or 10.x of the firmware immediately.
“The affected end-of-life devices with 8.x firmware are past temporary mitigations. Continued use of this firmware or end-of-life devices is an active security risk,” said SonicWall.
EOL devices are:
- SRA 4600/1600 (EOL 2019)
- SRA 4200/1200 (EOL 2016)
- SSL-VPN 200/2000/400 (EOL 2013/2014)
All customers who are using the above devices with 8.x firmware should apply the update immediately or disconnect their appliances and reset passwords.
SMA 400/200 has reached end-of-life, but support is still provided in Limited Retirement Mode. Users should update to 10.2.0.7-34 or 9.0.0.10 immediately, reset passwords, and enable MFA. SMA 1000 series products are not affected,
SMA 210/410/500v is actively supported, but vulnerabilities have been identified in 2021 that could potentially be exploited. Users running firmware 9.x should update to 9.0.0.10-28sv or later and users of firmware 10.x should update to 10.2.0.7-34sv or later immediately.
SonicWall is offering a complimentary virtual SMA 500v to users of users of end-of-life devices that cannot be updated to the latest 9.x or 10.x firmware versions until October 31, 2021.