SonicWall has revealed that the recent surge in activity targeting new firewalls with Gen 7 and SSL VPN support is related to old, currently Pasteur bugs and password reuse.
“We are currently confident that recent SSL VPN activity is not connected to zero-day vulnerabilities,” the company said. “Instead, there is a significant correlation with threat activity associated with CVE-2024-40766.”
CVE-2024-40766 (CVSS score: 9.3) was first disclosed by SonicWall in August 2024 and called malicious access access an inappropriate access control issue that allows for unauthorized access.
“Inappropriate access control vulnerabilities have been identified in Sonic Wall Sonicos Managed Access, leading to unauthorized access to resources and the firewall could crash under certain conditions,” he said in an advisory at the time.
Sonicwall also said it is investigating fewer than 40 incidents related to this activity, saying many of the incidents are related to the migration from Gen 6 to Gen 7 firewall without resetting the local user password, an important recommended action as part of CVE-2024-40766.
Additionally, the company noted that Sonicos 7.3 has additional protection against brute-force passwords and multi-factor authentication (MFA) attacks. The updated guidance provided by the company is below:
Update firmware to SONICOS version All local user account passwords for accounts with SSLVPN access, especially botnet protection and GEO-IP filtering with accounts that were carried over during the transition from Gen 6 to Gen 7 and ENFORCE MFA and strong password policy remove unused or inactive user accounts
The development comes as several security vendors reported that they observed a surge in attacks utilizing Sonicwall SSL VPN appliances for ransomware attacks.
Source link
