SonicWall engineering teams continued their investigation into probable zero-day vulnerabilities and have produced the following update regarding the impacted products: NOT AFFECTED
MFA MUST BE ENABLED ON ALL SONICWALL SMA, FIREWALL & MYSONICWALL ACCOUNTS
The NetExtender VPN client and SMB-oriented SMA 100 series are used for providing employees/users with remote access to internal resources. Secure Mobile Access (SMA) version 10.x running on SMA 200, SMA 210, SMA 400, SMA 410 physical appliances and the SMA 500v virtual appliance.
NetExtender VPN client version 10.x (released in 2020) utilized to connect to SMA 100 series appliances and SonicWall firewalls.Recently, SonicWall identified a coordinated attack on its internal systems by highly sophisticated threat actors exploiting probable zero-day vulnerabilities on certain SonicWall secure remote access products. We believe it is extremely important to be transparent with our customers, our partners and the broader cybersecurity community about the ongoing attacks on global business and government.