Security advisories

Update: SonicWall Zero-Day Vulnerability

February 3, 2021 | 1 MIN READ

Speak With A Security Expert Now

TALK TO AN EXPERT

THE THREAT

On February 3rd, 2021, SonicWall released security patches to address critical zero-day vulnerabilities in their products. The vulnerabilities exist in the SonicWall Secure Mobile Access (SMA) 100 series 10.x code. While vulnerability details remain minimal, SonicWall has confirmed that one zero-day vulnerability is used to gain administrator credential access and a second vulnerability is used for remote code execution.

Organizations must address these vulnerabilities immediately as active exploitation is ongoing.

What we’re doing about it

What you should do about it

Additional information

Vulnerability details, including CVE numbers, are not publicly available at this time. Attacks exploiting this vulnerability in the wild have been confirmed against both SonicWall and SonicWall customers.

Known Impacted SonicWall Products (as of February 3, 2021):

References:

[1] https://www.sonicwall.com/support/product-notification/urgent-security-notice-sonicwall-confirms-sma-100-series-10-x-zero-day-vulnerability-feb-1-2-p-m-cst/210122173415410/

View Most Recent Advisories