SonicWall hacked via zero day flaw in its own remote access solutions

SonicWall, a provider of network, access, email, cloud, and endpoint security solutions, said it has suffered a “coordinated” attack on its internal systems conducted by “highly sophisticated threat actors”, in which the attackers exploited “probable” zero day vulnerabilities in the company’s remote access tools.

SonicWall did not share any additional information about the hack or details of the zero-day. In its initial advisory, the company listed as impacted its NetExtender VPN client version 10.x (released in 2020), used to connect to SMA 100 series appliances and SonicWall firewalls, and Secure Mobile Access (SMA) version 10.x running on SMA 200, SMA 210, SMA 400 and SMA 410 physical appliances and the SMA 500v virtual appliance. In a subsequent update, however, SonicWall said that its NetExtender VPN Client is not affected by the zero-day flaw.

SonicWall is currently investigating which devices are affected by the vulnerability. So far, the company has determined that the following solutions are not affected:

  • SonicWall Firewalls: All generations of SonicWall firewalls are not affected by the vulnerability impacting the SMA 100 series (SMA 200, SMA 210, SMA 400, SMA 410, SMA 500v). No action is required from customers or partners.

  • NetExtender VPN Client: While we previously communicated NetExtender 10.X as potentially having a zero-day, that has now been ruled out. It may be used with all SonicWall products. No action is required from customers or partners.

  • SMA 1000 Series: This product line is not affected by this incident. Customers are safe to use SMA 1000 series and their associated clients. No action is required from customers or partners.

  • SonicWall SonicWave APs: No action is required from customers or partners.

The SMA 100 Series is still under investigation; however, the security firm provided the following guidance on deployment use cases:

  • Current SMA 100 Series customers may continue to use NetExtender for remote access with the SMA 100 series. We have determined that this use case is not susceptible to exploitation.

  • We advise SMA 100 series administrators to create specific access rules or disable Virtual Office and HTTPS administrative access from the Internet while we continue to investigate the vulnerability.

The company said it will publish additional updates as more information becomes available.

