Information security specialists at NCC Group have discovered that a mysterious zero-day vulnerability in SonicWall’s network devices is already being exploited in “indiscriminate” attacks. Because there is still no patch, details of the nature of the bug are not being disclosed, to prevent other hackers from joining the attacks. SonicWall developers were notified of what was happening last weekend.
One NCC Group expert told ZDNet the following:
“Earlier this week, we noticed that one attacker was already using [0-day]. At that time, we only raised a honeypot, so we did not receive a full request. But that prompted us to reverse engineer the request path, and we identified a bug that we believe was exploited by the attacker.”
At the same time, analysts are convinced that they have discovered the very same zero-day vulnerability that a mysterious attacker recently used to hack SonicWall itself, penetrating the manufacturer’s internal network.
Let me remind you that at the end of January it became known that SonicWall had suffered a “coordinated hacker attack.” Representatives of the company still do not report any details about this incident; they only write that Secure Mobile Access (SMA) version 10.x, running on the hardware solutions SMA 200, SMA 210, SMA 400, SMA 410 and the virtual SMA 500v, should be considered vulnerable to an unknown 0-day problem. Also, SMA 100 series devices are still under investigation.