{"id":6620,"date":"2021-07-20T14:31:51","date_gmt":"2021-07-20T21:31:51","guid":{"rendered":"https:\/\/blogs.infoblox.com\/?p=6620"},"modified":"2024-04-26T13:20:32","modified_gmt":"2024-04-26T20:20:32","slug":"cyber-threat-advisory-sonicwall-vulnerability","status":"publish","type":"post","link":"https:\/\/www.infoblox.com\/blog\/threat-intelligence\/cyber-threat-advisory-sonicwall-vulnerability\/","title":{"rendered":"Cyber Threat Advisory: SonicWall Vulnerability"},"content":{"rendered":"<h3>Author: Yadu Nadh<\/h3>\n<h3>TLP: WHITE<\/h3>\n<h3>1. Executive Summary<\/h3>\n<p>On 15 July, the Cybersecurity and Infrastructure Security Agency (CISA) issued an alert about threat actors actively targeting a known and previously patched vulnerability in SonicWall\u2019s Secure Mobile Access (SMA) 100 series and Secure Remote Access (SRA) products that run on unpatched and end-of-life (EOL) 8.x firmware.<sup>1<\/sup><\/p>\n<p>On 15 July, SonicWall confirmed CISA\u2019s alert that the vulnerability is being actively exploited in the wild and urged its customers to take steps to reduce the risk of attack.<sup>2<\/sup> SonicWall has already identified three vulnerabilities that affect SRA 4600 and SMA 100 devices: CVE-2019-7481, CVE-2019-7482, and CVE-2021-20016.<sup>3,4<\/sup><\/p>\n<h3>2. Analysis<\/h3>\n<p>Big game hunting (BGH) ransomware actors<sup>5<\/sup> as well as ransomware gangs<sup>6<\/sup> have exploited CVE-2021-20016 and then logged in to the VPN simply by using the victim\u2019s credentials (without brute-forcing). 
The threat actor can then deploy the ransomware of choice, encrypt the compromised system, and demand a ransom.<sup>7<\/sup> Using this approach, an unknown threat actor exploited CVE-2021-20016 in SMA 100 Series VPN appliances, deployed FiveHands ransomware, and then pressured the victim to pay a ransom by threatening to 1) expose the victim\u2019s data to the media and 2) sell the data in underground forums.<sup>8<\/sup><\/p>\n<ul>\n<li>\n<h5><strong>2.1. <\/strong><strong>CVE-2019-7481<\/strong><\/h5>\n<\/li>\n<\/ul>\n<p style=\"padding-left: 40px;\">CVE-2019-7481 is a critical SQL injection vulnerability. To exploit it, a remote, unauthenticated attacker could submit a specially crafted query. The attacker could then exploit another vulnerability to gain various levels of access to the SSL-VPN, because the data stored in the Sessions table in the SQLite database seems to consist of the session identifiers for authenticated users.<\/p>\n<ul>\n<li>\n<h5><strong>2.2. <\/strong><strong>CVE-2019-7482<\/strong><\/h5>\n<\/li>\n<\/ul>\n<p style=\"padding-left: 40px;\">Exploiting CVE-2019-7482 allows attackers to execute arbitrary code. The vulnerability is a buffer overflow that occurs during the parsing of the browser\u2019s user agent. The overflow can occur if the attacker has set the user agent to mimic Safari, because the getSafariVersion function in the libSys.so library is vulnerable and can lead to a crash. This vulnerability has not yet been found to be exploited in the wild.<\/p>\n<ul>\n<li>\n<h5><strong>2.3. <\/strong><strong>CVE-2021-20016<\/strong><\/h5>\n<\/li>\n<\/ul>\n<p style=\"padding-left: 40px;\">CVE-2021-20016 is a critical SQL injection vulnerability that affects unpatched SMA 100 series devices used for remote access. A remote, unauthenticated attacker could submit a specially crafted query to exploit the vulnerability. 
Successful exploitation would enable the attacker to access login credentials and session information and then use this information to log in to a vulnerable, unpatched SMA 100 device.<\/p>\n<h3>3. Prevention and Mitigation<\/h3>\n<p>CISA urges owners and operators of critical infrastructures to apply the following measures that can mitigate the risk of compromise by such ransomware attacks:<\/p>\n<ul>\n<li>Require multi-factor authentication for remote access to OT and IT networks.<\/li>\n<li>Filter network traffic to prohibit ingress and egress communications with known malicious IPs.<\/li>\n<li>Update software, including operating systems, applications, and firmware on network assets as soon as the updates become available.<\/li>\n<li>Limit access to resources over networks, especially by restricting RDP.<\/li>\n<li>Set antivirus and antimalware programs to conduct regular scans of IT network assets.<\/li>\n<li>Monitor or block inbound connections involving the TOR network.<\/li>\n<li>Deploy signatures to detect and\/or block inbound connections from Cobalt Strike.<\/li>\n<li>Implement and ensure that network segmentation between IT and OT networks is robust.<\/li>\n<li>Organize OT assets into logical zones.<\/li>\n<li>Identify OT and IT network interdependencies, and develop workaround manual controls.<\/li>\n<li>Implement regular data backup procedures on the IT as well as OT networks.<\/li>\n<\/ul>\n<h3>Endnotes<\/h3>\n<ol>\n<li><a href=\"https:\/\/us-cert.cisa.gov\/ncas\/current-activity\/2021\/07\/15\/ransomware-risk-unpatched-eol-sonicwall-sra-and-sma-8x-products\">https:\/\/us-cert.cisa.gov\/ncas\/current-activity\/2021\/07\/15\/ransomware-risk-unpatched-eol-sonicwall-sra-and-sma-8x-products<\/a><\/li>\n<li><a 
href=\"https:\/\/www.sonicwall.com\/support\/product-notification\/urgent-security-notice-critical-risk-to-unpatched-end-of-life-sra-sma-8-x-remote-access-devices\/210713105333210\/\">https:\/\/www.sonicwall.com\/support\/product-notification\/urgent-security-notice-critical-risk-to-unpatched-end-of-life-sra-sma-8-x-remote-access-devices\/210713105333210\/<\/a><\/li>\n<li><a href=\"https:\/\/blog.scrt.ch\/2020\/02\/11\/sonicwall-sra-and-sma-vulnerabilties\/\">https:\/\/blog.scrt.ch\/2020\/02\/11\/sonicwall-sra-and-sma-vulnerabilties\/<\/a><\/li>\n<li><a href=\"https:\/\/psirt.global.sonicwall.com\/vuln-detail\/SNWLID-2021-0001\">https:\/\/psirt.global.sonicwall.com\/vuln-detail\/SNWLID-2021-0001<\/a><\/li>\n<li><a href=\"https:\/\/www.crowdstrike.com\/blog\/how-ecrime-groups-leverage-sonicwall-vulnerability-cve-2019-7481\/\">https:\/\/www.crowdstrike.com\/blog\/how-ecrime-groups-leverage-sonicwall-vulnerability-cve-2019-7481\/<\/a><\/li>\n<li><a href=\"https:\/\/www.fireeye.com\/blog\/threat-research\/2021\/04\/unc2447-sombrat-and-fivehands-ransomware-sophisticated-financial-threat.html\">https:\/\/www.fireeye.com\/blog\/threat-research\/2021\/04\/unc2447-sombrat-and-fivehands-ransomware-sophisticated-financial-threat.html<\/a><\/li>\n<li><a href=\"https:\/\/www.fireeye.com\/blog\/threat-research\/2021\/04\/unc2447-sombrat-and-fivehands-ransomware-sophisticated-financial-threat.html\">https:\/\/www.fireeye.com\/blog\/threat-research\/2021\/04\/unc2447-sombrat-and-fivehands-ransomware-sophisticated-financial-threat.html<\/a><\/li>\n<li><a href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/new-ransomware-group-uses-sonicwall-zero-day-to-breach-networks\/\">https:\/\/www.bleepingcomputer.com\/news\/security\/new-ransomware-group-uses-sonicwall-zero-day-to-breach-networks\/<\/a><\/li>\n<\/ol>\n","protected":false},"excerpt":{"rendered":"<p>Author: Yadu Nadh TLP: WHITE &nbsp; 1. 
Executive Summary On 15 July, the Cybersecurity and Infrastructure Security Agency (CISA) issued an alert about threat actors actively targeting a known and previously patched vulnerability in SonicWall\u2019s Secure Mobile Access (SMA) 100 series and Secure Remote Access (SRA) products that run on unpatched and end-of-life (EOL) 8.x [&hellip;]<\/p>\n","protected":false},"author":397,"featured_media":668,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"inline_featured_image":false,"_genesis_hide_title":false,"_genesis_hide_breadcrumbs":false,"_genesis_hide_singular_image":false,"_genesis_hide_footer_widgets":false,"_genesis_custom_body_class":"","_genesis_custom_post_class":"","_genesis_layout":"","footnotes":""},"categories":[254],"tags":[333,528,527],"class_list":{"0":"post-6620","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-threat-intelligence","8":"tag-cyberattack","9":"tag-sonicwall","10":"tag-vulnerability","11":"entry"},"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO Premium plugin v27.3 (Yoast SEO v27.3) - https:\/\/yoast.com\/product\/yoast-seo-premium-wordpress\/ -->\n<title>Cyber Threat Advisory: SonicWall Vulnerability<\/title>\n<meta name=\"description\" content=\"Cyber Threat Advisory: SonicWall Vulnerability. 
On 15 July, the Cybersecurity and Infrastructure Security Agency (CISA) issued an alert about threat actors actively targeting a known and previously patched vulnerability in SonicWall\u2019s Secure Mobile Access (SMA) 100 series and Secure Remote Access (SRA) products that run on unpatched and end-of-life (EOL) 8.x firmware.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.infoblox.com\/blog\/threat-intelligence\/cyber-threat-advisory-sonicwall-vulnerability\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Cyber Threat Advisory: SonicWall Vulnerability\" \/>\n<meta property=\"og:description\" content=\"Cyber Threat Advisory: SonicWall Vulnerability. On 15 July, the Cybersecurity and Infrastructure Security Agency (CISA) issued an alert about threat actors actively targeting a known and previously patched vulnerability in SonicWall\u2019s Secure Mobile Access (SMA) 100 series and Secure Remote Access (SRA) products that run on unpatched and end-of-life (EOL) 8.x firmware.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.infoblox.com\/blog\/threat-intelligence\/cyber-threat-advisory-sonicwall-vulnerability\/\" \/>\n<meta property=\"og:site_name\" content=\"Infoblox Blog\" \/>\n<meta property=\"article:published_time\" content=\"2021-07-20T21:31:51+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2024-04-26T20:20:32+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.infoblox.com\/blog\/wp-content\/uploads\/security-banner-3.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"660\" \/>\n\t<meta property=\"og:image:height\" content=\"454\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Infoblox Threat Intel\" \/>\n<meta name=\"twitter:card\" 
content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Infoblox Threat Intel\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"3 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/threat-intelligence\\\/cyber-threat-advisory-sonicwall-vulnerability\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/threat-intelligence\\\/cyber-threat-advisory-sonicwall-vulnerability\\\/\"},\"author\":{\"name\":\"Infoblox Threat Intel\",\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/#\\\/schema\\\/person\\\/b6aed8965e3298a0817c16d32c0a67ae\"},\"headline\":\"Cyber Threat Advisory: SonicWall Vulnerability\",\"datePublished\":\"2021-07-20T21:31:51+00:00\",\"dateModified\":\"2024-04-26T20:20:32+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/threat-intelligence\\\/cyber-threat-advisory-sonicwall-vulnerability\\\/\"},\"wordCount\":621,\"publisher\":{\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/threat-intelligence\\\/cyber-threat-advisory-sonicwall-vulnerability\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/wp-content\\\/uploads\\\/security-banner-3.jpg\",\"keywords\":[\"Cyberattack\",\"SonicWall\",\"vulnerability\"],\"articleSection\":[\"Infoblox Threat Intel\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/threat-intelligence\\\/cyber-threat-advisory-sonicwall-vulnerability\\\/\",\"url\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/threat-intelligence\\\/cyber-threat-advisory-sonicwall-vulnerability\\\/\",\"name\":\"Cyber Threat Advisory: 
SonicWall Vulnerability\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/threat-intelligence\\\/cyber-threat-advisory-sonicwall-vulnerability\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/threat-intelligence\\\/cyber-threat-advisory-sonicwall-vulnerability\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/wp-content\\\/uploads\\\/security-banner-3.jpg\",\"datePublished\":\"2021-07-20T21:31:51+00:00\",\"dateModified\":\"2024-04-26T20:20:32+00:00\",\"description\":\"Cyber Threat Advisory: SonicWall Vulnerability. On 15 July, the Cybersecurity and Infrastructure Security Agency (CISA) issued an alert about threat actors actively targeting a known and previously patched vulnerability in SonicWall\u2019s Secure Mobile Access (SMA) 100 series and Secure Remote Access (SRA) products that run on unpatched and end-of-life (EOL) 8.x 
firmware.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/threat-intelligence\\\/cyber-threat-advisory-sonicwall-vulnerability\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/threat-intelligence\\\/cyber-threat-advisory-sonicwall-vulnerability\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/threat-intelligence\\\/cyber-threat-advisory-sonicwall-vulnerability\\\/#primaryimage\",\"url\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/wp-content\\\/uploads\\\/security-banner-3.jpg\",\"contentUrl\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/wp-content\\\/uploads\\\/security-banner-3.jpg\",\"width\":660,\"height\":454},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/threat-intelligence\\\/cyber-threat-advisory-sonicwall-vulnerability\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Infoblox Threat Intel\",\"item\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/category\\\/threat-intelligence\\\/\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"Cyber Threat Advisory: SonicWall 
Vulnerability\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/#website\",\"url\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/\",\"name\":\"infoblox.com\\\/blog\\\/\",\"description\":\"\",\"publisher\":{\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/#organization\",\"name\":\"Infoblox\",\"url\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/wp-content\\\/uploads\\\/infoblox-logo-2.svg\",\"contentUrl\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/wp-content\\\/uploads\\\/infoblox-logo-2.svg\",\"width\":137,\"height\":30,\"caption\":\"Infoblox\"},\"image\":{\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\"}},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/#\\\/schema\\\/person\\\/b6aed8965e3298a0817c16d32c0a67ae\",\"name\":\"Infoblox Threat Intel\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/blogs.infoblox.com\\\/wp-content\\\/uploads\\\/avatar_user_397_1714162589-96x96.png\",\"url\":\"https:\\\/\\\/blogs.infoblox.com\\\/wp-content\\\/uploads\\\/avatar_user_397_1714162589-96x96.png\",\"contentUrl\":\"https:\\\/\\\/blogs.infoblox.com\\\/wp-content\\\/uploads\\\/avatar_user_397_1714162589-96x96.png\",\"caption\":\"Infoblox Threat Intel\"},\"description\":\"Infoblox Threat Intel is the leading creator of original DNS threat 
intelligence, distinguishing itself in a sea of aggregators. What sets us apart? Two things: mad DNS skills and unparalleled visibility. DNS is notoriously tricky to interpret and hunt from, but our deep understanding and unique access to the internet's inner workings allow us to track down threat actors that others can't see. We're proactive, not just defensive, using our insights to disrupt cybercrime where it begins. We also believe in sharing knowledge to support the broader security community by publishing detailed research and releasing indicators on GitHub. In addition, our intel is seamlessly integrated into our Infoblox Protective DNS solutions, so customers automatically get its benefits, along with ridiculously low false positive rates.\",\"url\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/author\\\/infoblox-threat-intel\\\/\"}]}<\/script>\n<!-- \/ Yoast SEO Premium plugin. -->","_links":{"self":[{"href":"https:\/\/www.infoblox.com\/blog\/wp-json\/wp\/v2\/posts\/6620","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.infoblox.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.infoblox.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.infoblox.com\/blog\/wp-json\/wp\/v2\/users\/397"}],"replies":[{"embeddable":true,"href":"https:\/\/www.infoblox.com\/blog\/wp-json\/wp\/v2\/comments?post=6620"}],"version-history":[{"count":4,"href":"https:\/\/www.infoblox.com\/blog\/wp-json\/wp\/v2\/posts\/6620\/revisions"}],"predecessor-version":[{"id":6624,"href":"https:\/\/www.infoblox.com\/blog\/wp-json\/wp\/v2\/posts\/6620\/revisions\/6624"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.infoblox.com\/blog\/wp-json\/wp\/v2\/media\/668"}],"wp:attachment":[{"href":"https:\/\/www.infoblox.com\/blog\/wp-json\/wp\/v2\/media?parent=6620"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.infoblox.com\/blog\/wp-json\/wp\/v2\/categories?post=6620"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.infoblox.com\/blog\/wp-json\/wp\/v2\/tags?post=6620"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}