“Even though the footprint of impacted or unpatched devices is relatively small, SonicWall continues to strongly advise organizations to patch supported devices or decommission security appliances that are no longer supported, especially as it receives updated intelligence about emerging threats.
SonicWall immediately and repeatedly contacted impacted organizations of mitigation steps and update guidance. This exploitation targets a long-known vulnerability that was patched in newer versions of firmware released in early 2021. For those SRA customers running firmware 10.x, SonicWall said customers should immediately update to 10.2.0.7-34sv or later.

A SonicWall spokesperson sent this statement to Threatpost: “Threat actors will take any opportunity to victimize organizations for malicious gain. If legacy hardware is unable to be updated to 9.x or 10.x versions of SonicWall’s firmware, the company said a free version of its virtual SMA 500v is available for the next 108 days, with the freebie expiring October 31.

For SRA-series products actively supported (210/410/500v), SonicWall advised customers running firmware 9.x to immediately update to 9.0.0.10-28sv or later. “If your organization is using a legacy SRA appliance that is past end-of-life status and cannot update to 9.x firmware, continued use may result in ransomware exploitation,” SonicWall said.
What SonicWall Patches and Mitigation Are Available?

Customers are urged to upgrade firmware immediately on those appliances still supported and to “disconnect immediately” legacy products, including SRA 4600/1600 (EoL 2019), SRA 4200/1200 (EoL 2016) and SSL-VPN 200/2000/400 (EoL 2013/2014).

“CrowdStrike Services incident-response teams identified eCrime actors leveraging an older SonicWall VPN vulnerability, CVE-2019-7481, that affects Secure Remote Access (SRA) 4600 devices; the ability to leverage the vulnerability to affect SRA devices was previously undisclosed by SonicWall,” it wrote. Researchers there asserted that Thursday’s SonicWall security notice is part of an ongoing exploitation of a vulnerability (CVE-2019-7481), which they disclosed last month.
“Organizations that fail to take appropriate actions to mitigate these vulnerabilities on their SRA and SMA 100 series products are at imminent risk of a targeted ransomware attack,” according to the security bulletin.

According to reporting by The Record, the bugs and attacks are ongoing, tracing back to research published in June by CrowdStrike. In a Thursday security notice, the company reported that researchers at Mandiant identified “threat actors actively targeting” three SMA 100 models and nine older SRA-series secure VPN products no longer supported by SonicWall. Targeted are the company’s Secure Mobile Access (SMA) 100 series and Secure Remote Access (SRA) secure VPN appliances with both unpatched and end-of-life (EoL) 8.x firmware.

Security vendor SonicWall is warning customers to patch its enterprise secure VPN hardware to thwart an “imminent ransomware campaign using stolen credentials” that’s exploiting security holes in current models and those running legacy firmware.