SonicWall revealed a critical RCE vulnerability (CVE-2024-40766) in SonicOS on August 22, 2024. Initially, no exploitation was reported, but by September 6, active attacks were detected. This flaw allows attackers to execute arbitrary code, potentially leading to data theft, network disruption, and system compromise.
Akira Ransomware
Akira ransomware affiliates recently exploited vulnerabilities in SonicWall SSLVPN devices, targeting local accounts without MFA to gain unauthorized access.
Affected devices were running outdated SonicOS firmware. Organizations should upgrade to the latest SonicOS versions and enable MFA for all SSLVPN accounts.
Vulnerabilities in older SonicOS 5.9.2 and 6.5.4 versions for various SonicWall firewalls, including SOHO (Gen 5) and Gen 6, have been patched in updates (5.9.2.14-13o and 6.5.4.15.116n). It’s essential to update to these versions to prevent attacks.
A security vulnerability was found in Gen7 Firewalls running SonicOS versions 7.0.1-5035 and older. This flaw could enable unauthorized attackers to gain access to the firewall’s management interface, potentially compromising the device’s security.
Recommendation
Update Firmware: Users should upgrade to SonicOS version 7.0.1-5072 or later, as vulnerabilities are fixed in this version and above.
Reset SSLVPN Passwords: For Gen5 and Gen6 devices, reset SSLVPN account passwords to prevent unauthorized access. Enable the “User must change password” option for all local accounts to force password resets at next login.
Update Centralized Passwords: Ensure users update their passwords in Active Directory or other centralized systems if the same passwords are used.
Enable MFA: For Gen5 firewalls, go to Users > Local Users. For Gen6 firewalls, navigate to MANAGE | System Setup > Users > Local Users & Groups. SonicWall recommends enabling MFA for all local SSLVPN accounts to improve security.
To reduce security risks, disable WAN management and SSLVPN access from the internet. This prevents remote configuration changes and connections from untrusted sources, lowering the chance of unauthorized access and cyberattacks.
Follow Us on: Twitter, Instagram, Facebook to get the latest security news!
Leave A Comment