Because of ongoing attacks, admins should secure their Secure Mobile Access (SMA) remote access systems from Sonicwall. Attackers are reportedly targeting vulnerable systems in two ways.
Employees, for example, can use SMA to remotely access company computers via encrypted VPN connections.
A security researcher from NCC Group Research & Technology warns of the attacks on Twitter. Specifically, according to him, the unknown attackers are attempting to exploit a vulnerability classified as “critical” (CVE-2021-20038). Security patches have been available since December 2021. Admins can find information about the updates in a security advisory. The developers have compiled general advice on updating SMA 100 in a post.
Sonicwall assures that versions 10.2.1.3-27sv and 10.2.0.9-41sv are secured against such attacks. If you have an older version installed, you should update the system as soon as possible. Since support for firmware 9.0.0 ended in October 2021, this branch will no longer receive security updates. Admins must upgrade to 10.2.x.
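The version guidance above can be turned into an inventory check. The following is an added example, not Sonicwall's or the researcher's code: the hostnames and sample firmware strings are constructed, the status labels are hypothetical, and the version format is assumed from the two fixed builds named in the article.

```python
import re

# Fixed builds named in the article, keyed by firmware branch.
# Value is (hotfix, build), e.g. 10.2.1.3-27sv -> branch (10,2,1), fixed (3,27).
FIXED = {(10, 2, 1): (3, 27), (10, 2, 0): (9, 41)}
END_OF_SUPPORT = {(9, 0, 0)}  # support ended October 2021 per the article

# Format assumed from the article's strings: a.b.c.d-NNsv
VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)\.(\d+)-(\d+)sv$")


def triage(version):
    """Classify one SMA 100 firmware string (status labels are hypothetical)."""
    m = VERSION_RE.match(version.strip())
    if not m:
        return "unparseable"  # do not guess; have someone look at the device
    major, minor, patch, hotfix, build = map(int, m.groups())
    branch = (major, minor, patch)
    if branch in END_OF_SUPPORT:
        return "end-of-support"  # no more security updates, move to 10.2.x
    fixed = FIXED.get(branch)
    if fixed is None:
        # Branch not mentioned in the article: verify against the advisory.
        return "check-advisory"
    # Tuple comparison: hotfix level first, then build number.
    return "patched" if (hotfix, build) >= fixed else "update-required"


def report(inventory):
    """Map each host to its triage status."""
    return {host: triage(ver) for host, ver in inventory.items()}


# Constructed sample inventory (hostnames and versions are illustrative).
SAMPLE = {
    "sma-hq": "10.2.1.3-27sv",
    "sma-branch1": "10.2.1.2-24sv",
    "sma-branch2": "10.2.0.9-41sv",
    "sma-lab": "10.2.0.8-37sv",
    "sma-legacy": "9.0.0.11-31sv",
    "sma-unknown": "n/a",
}

if __name__ == "__main__":
    for host, status in report(SAMPLE).items():
        print(f"{host:12} {SAMPLE[host]:16} {status}")
```
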
Brute force attacks
So far, the security researcher says he has not observed any successful attacks. But that can change quickly. If attacks are successful, remote attackers would reportedly be able to execute malicious code without authentication.
In addition to exploiting the vulnerability, attackers are also said to be carrying out brute force attacks. They try out different passwords and hope for a hit in order to gain access to systems. Admins should ensure that no known default passwords are in use and assign secure passwords instead.