Aug 07, 2025Ravie LakshmananNetwork Safety / Vulnerability
SonicWall has revealed that the current spike in exercise focusing on its Gen 7 and newer firewalls with SSL VPN enabled is expounded to an older, now-patched bug and password reuse.
“We now have excessive confidence that the current SSL VPN exercise will not be related to a zero-day vulnerability,” the corporate mentioned. “As an alternative, there’s a important correlation with risk exercise associated to CVE-2024-40766.”
CVE-2024-40766 (CVSS rating: 9.3) was first disclosed by SonicWall in August 2024, calling it an improper entry management concern that would enable malicious actors unauthorized entry to the gadgets.
“An improper entry management vulnerability has been recognized within the SonicWall SonicOS administration entry, doubtlessly resulting in unauthorized useful resource entry and, in particular situations, inflicting the firewall to crash,” it famous in an advisory on the time.
SonicWall additionally mentioned it is investigating lower than 40 incidents associated to this exercise, and that most of the incidents are associated to migrations from Gen 6 to Gen 7 firewalls with out resetting the native person passwords, an important advice motion as a part of CVE-2024-40766.
Moreover, the corporate identified that SonicOS 7.3 has further safety in opposition to brute-force password and multi-factor authentication (MFA) assaults. The up to date steering provided by the corporate is beneath –
Replace firmware to SonicOS model 7.3.0
Reset all native person account passwords for any accounts with SSLVPN entry, significantly those who have been carried over throughout migration from Gen 6 to Gen 7
Allow Botnet Safety and Geo-IP Filtering
Implement MFA and robust password insurance policies
Take away unused or inactive person accounts
The event comes as a number of safety distributors reported observing a surge in assaults exploiting SonicWall SSL VPN home equipment for Akira ransomware assaults.
