SonicWall says spike in recent VPN attacks is tied to now-patched vulnerability, not a zero-day.

SonicWall has addressed concerns regarding a recent increase in attacks targeting Gen 7 and newer firewalls with SSL VPN enabled, clarifying that the surge is not linked to any new, undisclosed vulnerabilities. Following a thorough investigation, the company determined that the activity stems primarily from the exploitation of an older, now-patched vulnerability (CVE-2024-40766) combined with the reuse of passwords, particularly among organizations that migrated user accounts from Gen 6 to Gen 7 devices without enforcing password resets.

The company expressed high confidence that these incidents are not associated with a zero-day exploit. Instead, attackers have mainly succeeded in compromising systems where essential security updates were not applied or where organizations continued to use legacy passwords. SonicWall has strongly recommended that all customers upgrade to SonicOS version 7.3.0, which offers enhanced protections against brute-force attacks and multi-factor authentication (MFA) bypass attempts.

In addition to updating firmware, SonicWall has issued several best practice guidelines to minimize risk:

  • Reset all passwords for local user accounts with SSL VPN access, especially those migrated from legacy systems.
  • Enforce strong password policies and require multi-factor authentication.
  • Activate Botnet Protection and Geo-IP Filtering.
  • Remove any unused or inactive user accounts.
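The first and last recommendations can be checked against an account inventory. The script below is an added example, not SonicWall tooling: it flags SSL VPN accounts whose password predates the Gen 6 to Gen 7 migration and accounts with no recent login. The CSV columns, sample rows, migration date and 90-day inactivity threshold are all constructed assumptions, not a SonicOS export format.

```python
import csv
import io
from datetime import date, timedelta

# Constructed sample inventory; column names are assumptions, not a SonicOS export format.
SAMPLE_CSV = """username,ssl_vpn,migrated_from_gen6,password_changed,last_login
alice,yes,yes,2022-03-14,2025-07-30
bob,yes,yes,2025-06-02,2025-08-01
carol,yes,no,2024-11-20,2024-12-05
dave,no,yes,2021-01-10,2025-07-15
erin,yes,yes,2023-09-09,
"""


def audit_accounts(csv_text, migration_date, today, inactive_days=90):
    """Return {username: [findings]} for SSL VPN accounts that need action."""
    findings = {}
    cutoff = today - timedelta(days=inactive_days)
    for row in csv.DictReader(io.StringIO(csv_text)):
        # Only accounts that can actually log in over SSL VPN are in scope.
        if row["ssl_vpn"].strip().lower() != "yes":
            continue
        issues = []
        changed = date.fromisoformat(row["password_changed"].strip())
        migrated = row["migrated_from_gen6"].strip().lower() == "yes"
        # A migrated account whose password is older than the migration
        # still carries its legacy Gen 6 credential.
        if migrated and changed < migration_date:
            issues.append("reset password: unchanged since Gen 6 migration")
        # An empty last_login means the account has never been used.
        last_login = row["last_login"].strip()
        if not last_login or date.fromisoformat(last_login) < cutoff:
            issues.append("review for removal: inactive")
        if issues:
            findings[row["username"]] = issues
    return findings


if __name__ == "__main__":
    # Hypothetical migration date and audit date for the constructed sample.
    report = audit_accounts(SAMPLE_CSV, date(2025, 1, 15), date(2025, 8, 8))
    for user, issues in report.items():
        for issue in issues:
            print(f"{user}: {issue}")
```
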

To date, fewer than 40 confirmed incidents have been attributed to this campaign, with most cases involving organizations that did not follow recommended security practices during migration or credential management. SonicWall stresses that diligent patching and robust password management are key measures for organizations to safeguard their environments and prevent exploitation.
