SonicWall has unveiled a patch that mitigates a zero-day vulnerability on SMA 100 series 10.x code. The patch should be applied immediately, the security company announced on February 3, 2021.
But note: SMA 100 firmware prior to 10.x is unaffected by this zero-day vulnerability, the firewall company said on February 1. Partners and customers should continue to check the patch link above, since SonicWall has provided multiple updates via that link since the initial January 22 security disclosure.
When the issue was first uncovered, SonicWall said a breach apparently involved a coordinated attack on the company's internal systems by "highly sophisticated threat actors exploiting probable zero-day vulnerabilities on certain SonicWall secure remote access products."
Which SonicWall Products Are Not Affected?
In a January 2021 statement, the company said the following SonicWall products are not affected by the vulnerability:
- SonicWall Firewalls
- NetExtender VPN Client
- SMA 1000 Series
- SonicWave Access Points
SonicWall, backed by private equity firms Francisco Partners and Elliott Management, develops firewalls and other cybersecurity products. The company has a large base of VAR, MSP and MSSP partners.
Stay tuned for potential updates on this developing story.
Story originally published January 23, 2021. Updated multiple times thereafter.