stf Newbie ✭
Anyone get any more information from SonicWall on all of this?
That would be a nice thing to know. I am trying to figure out why no information is being released.
I am also wondering when SonicWall is going to give us more details on this.
There are definitely some "campaigns" that are going on to find vulnerable devices...
Saw this message today on 5-6 SMA appliances. Just sharing what we are seeing. SSLVPN: id=sslvpn sn= time="2021-02-08 22:43:28" vp_time="2021-02-09 06:43:28 UTC" fw= pri=1 m=0 c=800 src=220.127.116.11 dst= user="System" usr="System" msg="ExtendID (query) invalid extendid: '1' or substr((select sessionId from Sessions Limit…
I am trying to get more information through my SonicWall rep to understand if the attackers could have gained persistence on the appliances.
Any IP that comes up in our syslog alerting we are adding to blocked sites.
I noticed that after the fact. Sadly cannot edit the post. At this point I think the bad guys know how to find it.
Thanks! I wonder if we should be concerned if the device was running patched firmware and we are still seeing a log message like that.
Here is another example. This is running the patched firmware. SSLVPN: id=sslvpn time="2021-02-04 05:25:11" vp_time="2021-02-04 10:25:11 UTC" fw= pri=1 m=0 c=800 src=18.104.22.168 dst=22.214.171.124 user="System" usr="System" msg="ExtendID (query) invalid extendid: ''UNION SELECT…
I would love to know what the attackers are trying to do with this. We keep seeing this with frequency. On SMAs with different firmware releases. 8/9/10 SSLVPN: id=sslvpn sn= time="2021-02-04 05:25:40" vp_time="2021-02-04 10:25:40 UTC" fw= pri=1 m=0 c=300 src=126.96.36.199 dst=…
Yeah this is what we are all trying to understand. Does the vulnerability allow the attacker to see cached AD credentials on the appliance?
I have seen that before. Pretty normal in our travels.
We just did our internal one. So far so good. People are logged back in without issue. What are the chances that the installation has been tainted?
I downloaded it. Currently reading release notes. Can we please get more details about the exploit? "Addressed critical credential access vulnerability reported" is all we have to run on.
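The posts above describe spotting "invalid extendid" messages in SMA syslog and adding the source IPs to blocked sites. The following is an added example, not code from the posts or from SonicWall, that flags such lines and counts them per source IP. The function names, the SQL keyword list and the sample lines (documentation-range IPs, payloads cut off where the posts cut them) are assumptions made for the illustration.

```python
import re
from collections import Counter

# key=value or key="quoted value" pairs, as in the SSLVPN lines quoted above
FIELD_RE = re.compile(r'(\w+)=(?:"([^"]*)"|(\S*))')
# SQL fragments that should never appear in an ExtendID (assumed keyword list)
SQL_RE = re.compile(r"\b(?:union|select|substr)\b|'\s*or\b", re.IGNORECASE)
MARKER = "invalid extendid:"

def parse_line(line):
    """Split a line into fields; msg runs to end of line so a cut-off message parses."""
    head, found, msg = line.partition(' msg="')
    fields = {m.group(1): m.group(2) if m.group(2) is not None else m.group(3)
              for m in FIELD_RE.finditer(head)}
    if found:
        fields["msg"] = msg.rstrip('"')
    return fields

def is_extendid_sqli(fields):
    """True when the rejected ExtendID value contains SQL syntax."""
    msg = fields.get("msg", "")
    pos = msg.lower().find(MARKER)
    return pos >= 0 and bool(SQL_RE.search(msg[pos + len(MARKER):]))

def suspicious_sources(lines):
    """Count flagged lines per source IP, e.g. to feed a block list."""
    hits = Counter()
    for line in lines:
        fields = parse_line(line)
        if fields.get("id") == "sslvpn" and is_extendid_sqli(fields):
            hits[fields.get("src") or "unknown"] += 1
    return hits

# Constructed sample lines: field layout copied from the posts above, payloads
# cut off where the posts cut them, source IPs from documentation ranges.
PREFIX = 'SSLVPN: id=sslvpn sn= time="2021-02-08 22:43:28" fw= pri=1 m=0 c=800 '
SAMPLE = [
    PREFIX + 'src=192.0.2.10 dst= user="System" msg="ExtendID (query) '
             "invalid extendid: '1' or substr((select sessionId from",
    PREFIX + 'src=198.51.100.7 dst= user="System" msg="ExtendID (query) '
             "invalid extendid: ''UNION SELECT",
    PREFIX + 'src=192.0.2.10 dst= user="System" msg="ExtendID (query) '
             "invalid extendid: ''union select\"",
    PREFIX + 'src=203.0.113.5 dst= user="System" msg="constructed benign line"',
]

if __name__ == "__main__":
    print(suspicious_sources(SAMPLE).most_common())
```

A hit only shows that a request was rejected and logged; it does not by itself say whether the appliance was vulnerable at the time.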