SonicWall finds no SSLVPN zero-day, links ransomware attacks to 2024 flaw

What’s new: SonicWall has confirmed that recent Akira ransomware attacks exploiting Gen 7 firewalls with SSLVPN enabled are linked to CVE-2024-40766, a critical access control flaw fixed in August 2024, rather than to a zero-day vulnerability. The company says many incidents stem from Gen 6 to Gen 7 firewall migrations in which local user passwords were not reset as recommended.

Who’s affected

Organizations using SonicWall Gen 7 firewalls with SSLVPN enabled, particularly those that migrated from Gen 6 without resetting local user passwords, are at risk of unauthorized access and potential ransomware attacks.

What to do

  • Update firmware to version 7.3.0 or later to enhance security features.
  • Reset all local user passwords, especially those used for SSLVPN.
  • Consider disabling SSLVPN services and limiting connectivity to trusted IP addresses until the situation stabilizes.

Sources