Questo sito o gli strumenti terzi da questo utilizzati si avvalgono di cookie necessari al funzionamento ed utili alle finalità illustrate nella cookie policy. Se vuoi saperne di più o negare il consenso a tutti o ad alcuni cookie, consulta la cookie policy
Cliccando sul tasto "Accetto" acconsenti all’uso dei cookie. Accetto

NEWS ALIAS

25 Gennaio 2021
Bookmark and Share

Sonicwall - NOTIFICA DI SICUREZZA per i prodotti SMA serie 100

Last Updated: Jan. 25, 2021. 5.30 P.M. CST.

SonicWall believes it is extremely important to be transparent in providing the latest information to our customers, partners and the broader cybersecurity community about the ongoing attacks on global business and government.

As an update to previous communication, SonicWall engineering teams continued their investigation into probable zero-day vulnerabilities and have produced the following update regarding the impacted products:

NOT AFFECTED

  • SonicWall Firewalls: All generations of SonicWall firewalls are not affected by the vulnerability impacting the SMA 100. No action is required from customers or partners.
  • NetExtender VPN Client: While we previously communicated NetExtender 10.x as potentially having a zero-day, that has now been ruled out. It may be used with all SonicWall products. No action is required from customers or partners.
  • SMA 1000 Series: This product line is not affected by this incident. Customers are safe to use SMA 1000 series and their associated clients. No action is required from customers or partners.
  • SonicWave Access Points: Not affected. No action is required from customers or partners.

REMAINS UNDER INVESTIGATION

For additional details, guidance and product usage, customers may reference the KB article, which we will continue to update throughout our investigation.

SonicWall fully understands the challenges previous guidance had in a work-from-home environment, but the communicated steps were measured and purposeful in ensuring the safety and security of our global community of customers and partners.

IMPORTANT: At this time, it is critical that organizations with active SMA 100 Series appliances take the following action:

In addition to implementing 2FA, SMA 100 series administrators may also consider the following to further secure access to these devices:

Please refer to the SonicWall issued PSIRT Advisory SNWLID-2021-0001 for updates.  As we continue to investigate the incident, we will provide further updates regarding mitigation or possible patches in this KB. 

Original Post: Jan. 22, 2021. 10 P.M. CST.

SonicWall provides cybersecurity products, services and solutions that are designed to help keep organizations safe from increasingly sophisticated cyber threats. As the front line of cyber defense, we have seen a dramatic surge in cyberattacks on governments and businesses, specifically on firms that provide critical infrastructure and security controls to those organizations.

We believe it is extremely important to be transparent with our customers, our partners and the broader cybersecurity community about the ongoing attacks on global business and government.

Recently, SonicWall identified a coordinated attack on its internal systems by highly sophisticated threat actors exploiting probable zero-day vulnerabilities on certain SonicWall secure remote access products. The impacted products are:

  • NetExtender VPN client version 10.x (released in 2020) utilized to connect to SMA 100 series appliances and SonicWall firewalls
  • Secure Mobile Access (SMA) version 10.x running on SMA 200, SMA 210, SMA 400, SMA 410 physical appliances and the SMA 500v virtual appliance

The NetExtender VPN client and SMB-oriented SMA 100 series are used for providing employees/users with remote access to internal resources.

We are providing mitigation recommendations to our channel partners and customers. For further guidance, please visit: https://www.sonicwall.com/support/product-notification/210122173415410. We will continue to update this knowledge base (KB) article as more information is available.

Trace:dfb7bbc77042d31f3e58665fc0cc4d5d-
Bookmark and Share
© Alias S.r.l. 2021. Tutti i diritti riservati. Sede Legale: Via San Francesco, 2 - 33100 Udine
Capitale sociale Euro 62.400,00 i.v., C.F. / P.IVA 01837180304, Iscrizione C.C.I.A.A. Registro Imprese di UDINE n. 01837180304
Privacy Policy  |  Cookie Policy


© project Web Industry