SonicWall warns that vulnerabilities in Secure Mobile Access 100 and Secure Remote Access gateways with end-of-life firmware are being actively exploited for ransomware attacks. The company recommends that the products be removed from the Internet immediately.
The attackers exploit a vulnerability in the products’ 8.x firmware, which SonicWall no longer supports. The vulnerability has been fixed in new versions of the firmware. In attacks, criminals steal credentials and perform ransomware attacks. These are the gateways SRA 4600/1600, SRA 4200/1200, SSL-VPN 200/2000/400 and SMA 400/200.
Only the latter has limited support and users are strongly advised to update to firmware versions 10.2.0.7-34 or 126.96.36.199. The remaining gateways should be disconnected from the internet and given a password reset , warns SonicWall . The Belgian CERT also warns about the ransomware threat of the vulnerability.
For users with gateways that are still on 8.x firmware and unable to update, SonicWall is offering a virtual SMA 500v until October 31, allowing users to switch to a supported product. Furthermore, the company warns that at the beginning of this year a vulnerability was found in the firmware of the SMA 210, 410 and the aforementioned 500v, which is separate from that of the 8.x firmware. Users of these products should update the 9.x and 10.x firmware to the latest versions.