rocketwise | Blog, Tech Tips, Downloads and Resources!

SonicWall Firewall Exploit

Written by Kevin Landers | Jan 25, 2021 1:29:58 PM

On Friday evening (January 22nd), SonicWall released a security notice that their internal systems were compromised by unknown hackers that leveraged a "zero-day" vulnerability in their VPN product.

Why does it matter?

As many dealerships in North America find their networks behind SonicWall firewalls, this is an incident that needs to be watched carefully.

What does this vulnerability do?

At the moment, SonicWall has stated that the potential impact would allow unauthorized access by third parties (hackers) to a dealership's internal networks at any given branch location.

What we know.

Update: 1/25/2021

As we've been monitoring the situation with the SonicWall vulnerabilities, they have released a few updates over the weekend.
 
In short, the NetExtender VPN Client (which was initially thought to be vulnerable) has now been determined by SonicWall to be unaffected.
 
They have also narrowed down the list of affected SonicWall firewalls to their SMA 100 series firewalls.
 
If you any of your dealership locations use an SMA 100 firewall, it is recommended that you make certain to disable Virtual Office and HTTPS administrative access from the Internet.
 
As SonicWall continues to investigate these exploits, we will keep you posted with any further recommendations.
 
Initial Update: 1/23/2021

Initial reports from SonicWall are not entirely clear. It appears that vulnerabilities exist within NetExtender VPN Client software, SonicWall SMA-series firewalls and (possibly) all other firewall models. The recommendations by SonicWall at this point are to either white-list all known IP addresses for remote access or to disable all VPN services on your firewalls.
 
As many dealership remote users are individuals working from a variety of locations at any given time, the white-listing method will most likely prove very burdensome to implement.
 
Other Resources: