SonicWall has confirmed a zero-day vulnerability affecting its SMA 100 Series. Its disclosure arrives as NCC Group researchers report observing attacks that exploit a SonicWall flaw.
On Jan. 25, the network security provider became the latest in a string of security vendors to disclose a cyberattack. In SonicWall's case, attackers allegedly exploited vulnerabilities in its own products to breach its internal network. While it was able to verify that several tools were not affected by the attack, an investigation into other SonicWall products was still ongoing.
One week later, SonicWall has confirmed a critical zero-day flaw affecting its SMA 100 series 10.x code. It has identified the vulnerable code and is developing a patch to be available by end of day on Feb. 2. This vulnerability affects physical and virtual SMA 100 10.x devices (SMA 200, SMA 210, SMA 400, SMA 410, and SMA 500v). SMA 100 firmware prior to 10.x is not affected.
Around the same time SonicWall disclosed the zero-day, security researchers with NCC Group reported on Twitter that they had observed "indication of indiscriminate use of an exploit in the wild." The researchers have contacted SonicWall and are reportedly working to investigate the attack.
A spokeswoman for NCC Group confirmed to Ars Technica that the attempted exploits target a vulnerability affecting the SonicWall SMA 100 series; however, no further details are available at this time.
SonicWall has published more details on the zero-day along with steps that companies can take to secure their tools before a patch arrives.