Security vendor SonicWall said it identified a "coordinated attack" on its internal systems that exploited "probable" zero-day flaws in at least one of its own products.
However, the company scaled back an earlier security alert about the incident and clarified which of its products - or more specifically, their use cases - remain under investigation and potentially vulnerable.
SonicWall said that only its Secure Mobile Access (SMA) 100 series appliances remain under investigation. It said other products are safe to use.
Administrators of the SMA 100 series boxes are advised to create specific access rules, or disable Virtual Office and HTTPS administrative access from the internet while SonicWall continues to investigate the vulnerability.
There is currently no further information from SonicWall as to when the attack took place, how long it lasted and what if any information was compromised, and whether or not the the hack affects any of the company's clients.
The company recommends that all SonicWall SMA, firewall and MySonicWall accounts must have multi-factor authentication enabled.
Users should also whitelist Internet Protocol addresses that are allowed to access SMA appliances and NetExtender VPNs, SonicWall said.
Using a firewall to only allow Secure Sockets Layer VPN connections to SMA appliances is also recommended by SonicWall.
No patches are available for the vulnerabilities from SonicWall currently.