According to a tweet by cybersecurity firm NCC Group, a SonicWall SMA 100 zero-day flaw is being actively exploited in the wild.
On January 22nd, SonicWall revealed that they experienced an attack on their internal systems using a “probable” zero-day susceptibility in specific SonicWall networking devices.
While SonicWall examines the flaw and has not provided more detail, they say that it may affect their SMA 100 series (SMA 200, SMA 210, SMA 400, SMA 410, SMA 500v) line of remote access appliances.
SonicWall mentions that administrators need to allow multi-factor authentication (MFA) on the devices and endorse setting up IP address restrictions to the management interface.
Cybersecurity firm NCC Group has tweeted that they have spotted an exploit against SonicWall SMA 100 devices being used extensively in the wild.
“Our team has observed signs of an attempted exploitation of a vulnerability that affects the SonicWall SMA 100 series devices. We are working closely with SonicWall to investigate this in more depth,” the NCC Group said.
It is not known if this exploit is for the same flaw lately unveiled by SonicWall but believes it could be a possible candidate.