Security firm the NCC Group believes that it has identified an active exploit involving a zero-day SonicWall vulnerability that was disclosed last week. The company has not revealed exact details regarding the exploit as that might enable further attacks to be launched.
“Per the SonicWall advisory… we’ve identified and demonstrated exploitability of a possible candidate for the vulnerability described and sent details to SonicWall – we’ve also seen indication of indiscriminate use of an exploit in the wild – check logs,” NCC explained in a tweet.
SonicWall has not confirmed whether the exploit discovered by NCC researchers involves one of the vulnerabilities disclosed last week. Until more information is revealed, NCC has advised that owners of the vulnerable SonicWall devices cited in the firm’s recent security advisory should restrict the IP addresses that are allowed to access the management interface to only those associated with authorized personnel.
Unconfirmed exploits
SonicWall recently warned customers that a zero-day vulnerability had been found affecting several of its VPN products. Following further investigation, however, the number of affected devices was significantly reduced.
Nevertheless, SonicWall admitted to the unconfirmed presence of a zero-day vulnerability affecting its SMA 100 Series – a range of networking devices used to provide access to internal networks for remote employees – something that has become increasingly needed with COVID-19 restrictions still in place for many businesses.
SonicWall is continuing to investigate potential vulnerabilities and reminded users of the importance of installing the latest security updates in order to guarantee protection against cybersecurity threats. The firm added that many of the proof of concept exploits being shared are not possible if patches released in 2015 are installed.
Via ZDNet