Impending Risk of Ransomware Attacks Exploiting Vulnerability in SonicWall SRA/SMA 100 Series VPN Devices

SonicWall has issued an important security notice warning users of Secure Remote Access (SRA) and Secure Mobile Access (SMA) 100 series products running end-of-life software about an impending ransomware campaign that uses stolen credentials.

The campaign exploits a known vulnerability in the 8.x software on these devices. SonicWall has already patched the vulnerability in newer software versions. All users of products still running the vulnerable software version are instructed to update their firmware to version 9.x or 10.x right away.

SonicWall learned of the threat actors' campaign targeting the vulnerability in SMA 100 series and SRA products through its work with reputable third parties. For the affected end-of-life products running 8.x software, short-term mitigations are no longer an option. Continued use of this software or of end-of-life products poses an active security risk.

Customers using end-of-life SMA or SRA devices running the vulnerable 8.x software should apply the update right away, or disconnect their devices and reset passwords. The affected EOL devices are:

  • SSL-VPN 200/2000/400 (EOL 2013/2014)
  • SRA 4200/1200 (EOL 2016)
  • SRA 4600/1600 (EOL 2019)

SMA 400/200 is in Limited Retirement Mode but still supported. Users must promptly update their firmware to 10.2.0.7-34 or 9.0.0.10, reset passwords and enable MFA.

All identified vulnerabilities are resolved in the most recent versions of the 9.x and 10.x software. The vulnerabilities do not affect users of SMA 1000 series products. Users of these products must be sure to run the latest firmware versions, use multi-factor authentication, and apply any future software update without delay.

SMA 210/410/500v has not reached end of life and is supported, but may still be running software versions with vulnerabilities found in 2021. Users on 9.x software must quickly update to 9.0.0.10-28sv or later, and users on 10.x firmware must quickly update to 10.2.0.7-34sv or later.

Customers with end-of-life devices running the vulnerable 8.x software who cannot upgrade to 9.x or 10.x are being offered a free virtual SMA 500v until October 31, 2021; the 500v remains a supported product.
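To apply the version thresholds above across an appliance inventory, the following added example (not SonicWall code and not part of the original notice) classifies firmware strings against the minimum fixed builds quoted in this article. It assumes firmware is recorded in the `a.b.c.d-NNsv` form seen above; the function names, status labels, hostnames and sample versions are constructed for illustration.

```python
import re

# Minimum fixed builds quoted in the article, per firmware branch.
MIN_FIXED = {9: ((9, 0, 0, 10), 28), 10: ((10, 2, 0, 7), 34)}
# Assumed string layout: four dotted numbers, optional "-build", optional "sv".
_FW_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)\.(\d+)(?:-(\d+))?(?:sv)?$", re.I)


def parse_firmware(text):
    """Split 'a.b.c.d-NNsv' into ((a, b, c, d), build); build is None if absent."""
    m = _FW_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised firmware string: {text!r}")
    *base, build = m.groups()
    return tuple(int(p) for p in base), (int(build) if build else None)


def classify(text):
    """Return one of: vulnerable-8.x, update, check-build, ok, unknown."""
    try:
        base, build = parse_firmware(text)
    except ValueError:
        return "unknown"          # unparseable entry: verify by hand
    if base[0] == 8:
        return "vulnerable-8.x"   # upgrade to 9.x/10.x, or disconnect and reset passwords
    if base[0] not in MIN_FIXED:
        return "unknown"          # branch the article gives no threshold for
    min_base, min_build = MIN_FIXED[base[0]]
    if base != min_base:
        return "ok" if base > min_base else "update"
    if build is None:
        return "check-build"      # right release, but build suffix missing from inventory
    return "ok" if build >= min_build else "update"


def triage(inventory):
    """Map each (host, firmware) pair to its classification."""
    return {host: classify(fw) for host, fw in inventory}


# Constructed sample inventory; hostnames and versions are illustrative only.
SAMPLE = [("vpn-a", "8.0.0.4-25sv"), ("vpn-b", "9.0.0.9-26sv"),
          ("vpn-c", "9.0.0.10-28sv"), ("vpn-d", "10.2.0.7-34sv"),
          ("vpn-e", "10.2.0.7"), ("vpn-f", "10.2.0.6-32sv"), ("vpn-g", "n/a")]

if __name__ == "__main__":
    for host, status in triage(SAMPLE).items():
        print(f"{host}: {status}")
```

An `ok` result only means the firmware meets the thresholds quoted here; password resets and MFA still apply as described above.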