Comments
-
Anyone get any more information from SonicWall on all of this?
-
That would be a nice thing to know. I am trying to figure out why no information is being released.
-
I am also wondering when SonicWall is going to give us more details on this.
-
There are definitely some "campaigns" that are going on to find vulnerable devices...
-
Saw this message today on 5-6 SMA appliances. Just sharing what we are seeing.
SSLVPN: id=sslvpn sn= time="2021-02-08 22:43:28" vp_time="2021-02-09 06:43:28 UTC" fw= pri=1 m=0 c=800 src=45.32.134.245 dst= user="System" usr="System" msg="ExtendID (query) invalid extendid: '1' or substr((select sessionId from Sessions Limit…
-
I am trying to get more information through my SonicWall rep to understand if the attackers could have gained persistence on the appliances.
-
Any IP that comes up in our syslog alerting we are adding to blocked sites.
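The syslog alerting mentioned in the comment above, as an added example (not code from any poster or from SonicWall): it parses lines in the key=value layout quoted in this thread and counts, per source IP, the "invalid extendid" messages whose value looks like SQL. The sample lines are constructed with documentation IP addresses, and the keyword heuristic is an assumption.

```python
import re
from collections import Counter

# key=value pairs as seen in the quoted lines; values may be empty or double-quoted.
FIELD_RE = re.compile(r'(\w+)=(?:"([^"]*)"|(\S*))')
# Assumed heuristic: a legitimate ExtendID contains no quotes or SQL keywords.
SQLI_RE = re.compile(r"'|\b(?:union|select|substr)\b", re.IGNORECASE)

def parse_line(line):
    """Split one SSLVPN syslog line into a dict; msg runs to end of line."""
    head, found, msg = line.partition(' msg="')
    fields = {}
    for m in FIELD_RE.finditer(head):
        fields[m.group(1)] = m.group(2) if m.group(2) is not None else m.group(3)
    fields["msg"] = msg.rstrip('"') if found else ""
    return fields

def is_extendid_probe(fields):
    """True when the rejected ExtendID value looks like SQL rather than an ID."""
    marker = "invalid extendid:"
    msg = fields.get("msg", "")
    pos = msg.lower().find(marker)
    return pos != -1 and bool(SQLI_RE.search(msg[pos + len(marker):]))

def probe_sources(lines):
    """Count matching lines per source IP, for alerting or a block list."""
    hits = Counter()
    for line in lines:
        fields = parse_line(line)
        if is_extendid_probe(fields) and fields.get("src"):
            hits[fields["src"]] += 1
    return hits

# Constructed sample lines: documentation IPs, payloads truncated as in the thread.
SAMPLE = """\
SSLVPN: id=sslvpn sn= time="2021-02-08 22:43:28" vp_time="2021-02-09 06:43:28 UTC" fw= pri=1 m=0 c=800 src=203.0.113.10 dst= user="System" usr="System" msg="ExtendID (query) invalid extendid: '1' or substr((select sessionId from Sessions Limit…
SSLVPN: id=sslvpn time="2021-02-04 05:25:11" vp_time="2021-02-04 10:25:11 UTC" fw= pri=1 m=0 c=800 src=198.51.100.7 dst= user="System" usr="System" msg="ExtendID (query) invalid extendid: ''UNION SELECT…
SSLVPN: id=sslvpn time="2021-02-04 05:25:40" vp_time="2021-02-04 10:25:40 UTC" fw= pri=6 m=0 c=300 src=192.0.2.5 dst= user="System" usr="System" msg="constructed benign message"
SSLVPN: id=sslvpn time="2021-02-04 05:26:02" vp_time="2021-02-04 10:26:02 UTC" fw= pri=1 m=0 c=800 src=203.0.113.10 dst= user="System" usr="System" msg="ExtendID (query) invalid extendid: ''UNION SELECT…
""".splitlines()

if __name__ == "__main__":
    for src, count in probe_sources(SAMPLE).most_common():
        print(f"{src}\t{count}")
```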
-
I noticed that after the fact. Sadly cannot edit the post. At this point I think the bad guys know how to find it.
-
Thanks! I wonder if we should be concerned if the device was running patched firmware and we are still seeing a log message like that.
-
Here is another example. This is running the patched firmware.
SSLVPN: id=sslvpn time="2021-02-04 05:25:11" vp_time="2021-02-04 10:25:11 UTC" fw= pri=1 m=0 c=800 src=144.217.207.77 dst=207.99.117.86 user="System" usr="System" msg="ExtendID (query) invalid extendid: ''UNION SELECT…
-
I would love to know what the attackers are trying to do with this. We keep seeing this with frequency, on SMAs with different firmware releases: 8/9/10.
SSLVPN: id=sslvpn sn= time="2021-02-04 05:25:40" vp_time="2021-02-04 10:25:40 UTC" fw= pri=6 m=0 c=300 src=144.217.207.77 dst=…
-
Yeah this is what we are all trying to understand. Does the vulnerability allow the attacker to see cached AD credentials on the appliance?
-
I have seen that before. Pretty normal in our travels.
-
We just did our internal one. So far so good. People are logged back in without issue. What are the chances that the installation has been tainted?
-
I downloaded it. Currently reading release notes. Can we please get more details about the exploit? "Addressed critical credential access vulnerability reported" is all we have to run on.