Protect Your SonicWall: Urgent Patch Needed to Prevent Ransomware Attacks
If you’re a SonicWall customer, listen up. A critical vulnerability in SonicWall firewalls is actively being exploited in ransomware attacks, and you need to act fast to protect your network.
The vulnerability, rated at a CVSS score of 9.3 and known as CVE-2024-40766, was first identified on August 22. However, a recent update on September 6 revealed that it is now being actively exploited in the wild.
The issue lies in the SonicWall SonicOS management access and SSLVPN, posing a risk of unauthorized resource access and potential firewall crashes under certain conditions. This vulnerability affects SonicWall Gen 5 and Gen 6 devices, as well as Gen 7 devices running SonicOS 7.0.1-5035 and older versions.
According to Arctic Wolf senior threat intelligence researcher Stefan Hostetler, ransomware affiliates have already compromised SSLVPN accounts on SonicWall devices as a way to launch attacks. These accounts were managed locally on the devices and lacked multi-factor authentication (MFA), making them easy targets for exploitation.
To safeguard your network and prevent falling victim to these attacks, you must update to the latest SonicOS firmware, enable MFA for locally managed SSLVPN accounts, and update all account passwords. Neglecting to do so could leave your organization vulnerable to devastating ransomware infections.
Rapid7 researchers have also observed suspicious activity related to CVE-2024-40766 and warned of potential threats. Given the severity of the situation, it is imperative that organizations take immediate action to patch this critical vulnerability.
Furthermore, the Cybersecurity and Infrastructure Security Agency (CISA) has added this flaw to its Known Exploited Vulnerabilities Catalog, emphasizing the urgency of the situation. Federal agencies are required to patch this vulnerability by September 30 to prevent potential cyberattacks.
Don’t wait until it’s too late. Act now to secure your SonicWall firewall and protect your network from malicious actors. Your data and your organization’s reputation depend on it.