Issued: Tuesday, 27 July, 2021 |
Last Revision: Tuesday, 27 July, 2021 |
Vendor: |
Product: |
Severity Level: |
As per SonicWall security notice, threat actors actively targeting Secure Mobile Access (SMA) 100 series and Secure Remote Access (SRA) products running unpatched and end-of-life (EOL) 8.x firmware in an imminent ransomware campaign using stolen credentials.
The exploitation targets a known vulnerability that has been patched in newer versions of firmware. Organizations that fail to take appropriate actions to mitigate these vulnerabilities on their SRA and SMA 100 series products are at imminent risk of a targeted ransomware attack. Organizations who are using SonicWall are encouraged to check the Product(s) used in their environment and take the mitigation action as soon as possible.
Organizations using the following end-of-life SMA and/or SRA devices running firmware 8.x should either update their firmware or disconnect their appliances per guidance below.
Affected Product(s) | Mitigation Action |
SRA 4600/1600 (EOL 2019) |
|
SRA 4200/1200 (EOL 2016)
|
|
SSL-VPN 200/2000/400 (EOL 2013/2014)
|
|
SMA 400/200 (Still Supported, in Limited Retirement Mode)
|
|
While not part of this campaign targeting SRA/SMA firmware 8.x, customers with the following products should also ensure that they’re on the latest version of firmware to mitigate vulnerabilities discovered in early 2021.
SMA 210/410/500v (Actively Supported)
- Firmware 9.x should immediately update to 9.0.0.10-28sv or later
- Firmware 10.x should immediately update to 10.2.0.7-34sv or later