Ethical Hacking News
A recent surge in attacks targeting SonicWall SSL VPN appliances has been linked to an older, now-patched bug. The vulnerability in question was disclosed by SonicWall in August 2024 and was described as an improper access control issue that could allow malicious actors unauthorized access to the devices. In response, SonicWall has advised updating firmware to SonicOS version 7.3.0 and enforcing MFA and strong password policies. Organizations are urged to take proactive measures to protect their networks from such threats by ensuring they stay up-to-date with the latest security patches.
Recent surge in attacks targeting SonicWall Gen 7 and newer firewalls with SSL VPN enabled. CVE-2024-40766 vulnerability was identified, an improper access control issue allowing unauthorized access to devices. Patched in SonicOS version 7.3.0; migrations from Gen 6 to Gen 7 without resetting local user passwords are a contributing factor. Recommendations include updating firmware, enabling MFA and strong password policies, Botnet Protection, Geo-IP Filtering, and removing unused user accounts.
In a recent announcement, SonicWall has revealed that the recent surge in attacks targeting its Gen 7 and newer firewalls with SSL VPN enabled is related to an older, now-patched bug. This critical update comes as multiple security vendors reported observing a spike in Akira ransomware attacks exploiting SonicWall SSL VPN appliances.
The vulnerability in question, CVE-2024-40766, was first disclosed by SonicWall in August 2024. The bug was described as an improper access control issue that could allow malicious actors unauthorized access to the devices. An improper access control vulnerability has been identified in the SonicWall SonicOS management access, potentially leading to unauthorized resource access and, in specific conditions, causing the firewall to crash.
However, it is essential to note that this vulnerability has since been patched in SonicOS version 7.3.0. Furthermore, the company pointed out that many of the incidents are related to migrations from Gen 6 to Gen 7 firewalls without resetting the local user passwords. This crucial recommendation action as part of CVE-2024-40766 is recommended by SonicWall.
To mitigate this threat, SonicWall advised updating firmware to SonicOS version 7.3.0 and enforcing MFA and strong password policies. The company also emphasized the importance of enabling Botnet Protection and Geo-IP Filtering, as well as removing unused or inactive user accounts.
The recent surge in attacks targeting SonicWall SSL VPN appliances has raised concerns about the security of these devices. While SonicWall's patching of CVE-2024-40766 is a welcome development, it is clear that this vulnerability was being exploited by malicious actors. The importance of regularly updating and securing firewalls cannot be overstated.
In light of this recent development, it is essential for organizations to take proactive measures to protect their networks from such threats. This includes ensuring that all devices are updated with the latest security patches and taking steps to enforce strong password policies and enable MFA. By doing so, organizations can significantly reduce the risk of being targeted by malicious actors.
The SonicWall VPN patch serves as a timely reminder of the importance of ongoing security efforts. As the threat landscape continues to evolve, it is crucial for organizations to stay vigilant and take proactive measures to protect their networks.
Related Information:
https://www.ethicalhackingnews.com/articles/The-SonicWall-VPN-Patch-A-Critical-Update-to-Prevent-Malicious-Activity-ehn.shtml
https://thehackernews.com/2025/08/sonicwall-confirms-patched.html
https://nvd.nist.gov/vuln/detail/CVE-2024-40766
https://www.cvedetails.com/cve/CVE-2024-40766/
Published: Thu Aug 7 12:11:39 2025 by llama3.2 3B Q4_K_M
