As of late Friday morning, SonicWall was in the early stages of advising its customers of a breach which may have impacted its security products. While initial reports indicated a wide range of potentially impacted products across the SonicWall product line, this was later clarified to just the SMA (Secure Mobile Access) 100. The SMA 100 is an appliance which is intended to provide secure access to data center, cloud, and SaaS (software as a service) resources from a single portal.
The announcement came four days after proof of concept (POC) exploit code for CVE-2020-5144 was released, which describes exploitation of the SonicWall Global VPN Windows client for privilege escalation by leveraging a vulnerability that allowed the executable search order to be hijacked. This would allow an ordinary user to elevate their permissions to SYSTEM (administrative-level privileges).
Early this Monday morning, Darren Martyn, a security researcher, released a previously unpublished exploit against SonicWall SSL-VPN (which includes the firewall line). This particular method of exploitation was leveraged during the Hacking Team data breach and allowed the threat actor in that instance to not simply gain remote access to the device, but also add code to the login page to capture usernames and passwords.