SonicWall issues patch for firmware zero-day used to attack the company and its customers

Network security company SonicWall is offering a patch for a serious bug in one of its product lines that had attracted public warnings from cybersecurity researchers over the past week.

The patch fixes a flaw that had put the Silicon Valley firm in the headlines of late. SonicWall on Jan. 22 said attackers had exploited a zero-day vulnerability in its own products to gain access to its corporate network. Then, on Jan. 31, researchers from NCC Group then said the bug was being exploited elsewhere in the wild.

The bug is in SonicWall’s line of SMA 100 mobile networking gear, which is designed to add a layer of security for companies that allow employees to use their own devices to access corporate networks. SonicWall said the vulnerability allowed hackers to gain administrator-level privileges and then subsequently use a remote-code execution (RCE) on networks.

The patch, posted Wednesday, applies to the SMA 100 series’ firmware. SonicWall did not release details about who was exploiting the bug. A researcher for U.K.-based NCC Group told ZDNet that a “single threat actor” seemed to be behind the attacks.

SonicWall urged customers to apply the patch “IMMEDIATELY” and warned that they might be able to detect any of the SMA 100 attacks on their own.

“We currently are not aware of any forensic data that can be viewed by the user to determine whether a device has been attacked,” the company said. “However, we will post an update as we get more information.”