SonicWall has revealed that the recent spike in activity targeting its Gen 7 and newer firewalls with SSL VPN enabled is tied to an older, now-patched bug and password reuse.
"We now have high confidence that the recent SSL VPN activity is not connected to a zero-day vulnerability," the company said. "Instead, there is a significant correlation with threat activity related to CVE-2024-40766."
CVE-2024-40766 (CVSS score: 9.3) was first disclosed by SonicWall in August 2024, which described it as an improper access control issue that could allow malicious actors unauthorized access to the devices.
"An improper access control vulnerability has been identified in the SonicWall SonicOS management access, potentially leading to unauthorized resource access and, in specific conditions, causing the firewall to crash," it noted in an advisory at the time.

SonicWall also said it is investigating fewer than 40 incidents related to this activity, and that many of the incidents are related to migrations from Gen 6 to Gen 7 firewalls without resetting the local user passwords, a critical recommended remediation step for CVE-2024-40766.
Additionally, the company pointed out that SonicOS 7.3 has additional protection against brute-force password and multi-factor authentication (MFA) attacks. The updated guidance provided by the company is below:
- Update firmware to SonicOS version 7.3.0
- Reset all local user account passwords for any accounts with SSLVPN access, particularly those that were carried over during migration from Gen 6 to Gen 7
- Enable Botnet Protection and Geo-IP Filtering
- Enforce MFA and strong password policies
- Remove unused or inactive user accounts
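The guidance above is about closing the credential-reuse and brute-force path. A defender also wants to see whether that path is being worked on right now. The following is an added example, not code from the article or from SonicWall: a small detector that reads SSL VPN authentication events, flags a source address that produces a burst of failures inside a sliding window, distinguishes single-account brute force from a spray across many accounts, and raises the most important case of all, a successful login from a source that was already brute-forcing (the signature of a carried-over password that finally matched). The key=value log format, the sample lines, the 60-second window and the threshold of 5 failures are all constructed assumptions; adapt the regex to your own syslog export.

```python
"""Sliding-window detection of SSL VPN brute force / spray in syslog-style events.

Added example (not SonicWall's code). The line format is CONSTRUCTED to look
like a generic key=value firewall syslog message; it is not a verified
SonicOS format. Adjust LINE_RE to match your own export.
"""
import re
from collections import defaultdict, deque
from datetime import datetime

# Constructed sample events: one source sprays four accounts and then logs in,
# another source has a single typo-style failure followed by a normal login.
SAMPLE_LOGS = """\
2025-08-01T10:00:01Z fw1 msg="SSL VPN login failed" src=203.0.113.5 user=alice
2025-08-01T10:00:03Z fw1 msg="SSL VPN login failed" src=203.0.113.5 user=alice
2025-08-01T10:00:05Z fw1 msg="SSL VPN login failed" src=203.0.113.5 user=bob
2025-08-01T10:00:07Z fw1 msg="SSL VPN login failed" src=203.0.113.5 user=carol
2025-08-01T10:00:09Z fw1 msg="SSL VPN login failed" src=203.0.113.5 user=dave
2025-08-01T10:00:20Z fw1 msg="SSL VPN login succeeded" src=203.0.113.5 user=dave
2025-08-01T10:05:00Z fw1 msg="SSL VPN login failed" src=198.51.100.9 user=erin
2025-08-01T10:30:00Z fw1 msg="SSL VPN login succeeded" src=198.51.100.9 user=erin
2025-08-01T11:00:00Z fw1 msg="other event" src=198.51.100.9
"""

# Assumed field layout: ISO timestamp, host, msg="...", src=<ip>, user=<name>.
LINE_RE = re.compile(
    r'^(?P<ts>\S+) \S+ msg="SSL VPN login (?P<result>failed|succeeded)" '
    r'src=(?P<src>\S+) user=(?P<user>\S+)$'
)


def parse_line(line):
    """Return a dict for an SSL VPN login event, or None for any other line."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    ev = m.groupdict()
    ev["ts"] = datetime.strptime(ev["ts"], "%Y-%m-%dT%H:%M:%SZ")
    return ev


def detect(lines, window_seconds=60, threshold=5):
    """Flag sources with >= threshold failures inside window_seconds.

    Returns {"brute_force": {src: summary}, "suspicious_logins": [(src, user)]}.
    A success from an already-flagged source is reported separately because it
    usually means a guessed or reused password worked.
    """
    recent = defaultdict(deque)   # src -> deque of (timestamp, user) failures in window
    flagged = {}                  # src -> summary, recorded once when threshold is crossed
    suspicious_logins = []

    for line in lines:
        ev = parse_line(line)
        if ev is None:
            continue
        src = ev["src"]
        if ev["result"] == "failed":
            q = recent[src]
            q.append((ev["ts"], ev["user"]))
            # Drop failures that fell out of the sliding window.
            while (ev["ts"] - q[0][0]).total_seconds() > window_seconds:
                q.popleft()
            if len(q) >= threshold and src not in flagged:
                users = {u for _, u in q}
                flagged[src] = {
                    "failures": len(q),
                    "distinct_users": len(users),
                    "pattern": "password spray" if len(users) > 1
                               else "single-account brute force",
                }
        elif src in flagged:
            suspicious_logins.append((src, ev["user"]))

    return {"brute_force": flagged, "suspicious_logins": suspicious_logins}


if __name__ == "__main__":
    result = detect(SAMPLE_LOGS.splitlines())
    for src, summary in result["brute_force"].items():
        print(f"{src}: {summary['pattern']} ({summary['failures']} failures, "
              f"{summary['distinct_users']} accounts)")
    for src, user in result["suspicious_logins"]:
        print(f"ALERT: successful login for {user} from flagged source {src}")
```

The "success after a flagged burst" alert is the one worth paging on: it is exactly the outcome the password-reset step in the guidance is meant to prevent, and it identifies the account whose credential should be rotated first.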
The development comes as several security vendors reported observing a surge in attacks exploiting SonicWall SSL VPN appliances for Akira ransomware attacks.