Latest Cyber Security News

You are here: Home / General Cyber Security News / SonicWall Confirms Patched Vulnerability Behind Recent VPN Attacks, Not a Zero-Day
August 7, 2025

SonicWall has revealed that the recent spike in activity targeting its Gen 7 and newer firewalls with SSL VPN enabled is related to an older, now-patched bug and password reuse.

“We now have high confidence that the recent SSL VPN activity is not connected to a zero-day vulnerability,” the company said. “Instead, there is a significant correlation with threat activity related to CVE-2024-40766.”

CVE-2024-40766 (CVSS score: 9.3) was first disclosed by SonicWall in August 2024, calling it an improper access control issue that could allow malicious actors unauthorized access to the devices.

✔ Approved From Our Partners
AOMEI Backupper Lifetime

Protect and backup your data using AOMEI Backupper. AOMEI Backupper takes secure and encrypted backups from your Windows, hard drives or partitions. With AOMEI Backupper you will never be worried about loosing your data anymore.

Get AOMEI Backupper with 72% discount from an authorized distrinutor of AOMEI: SerialCart® (Limited Offer).

➤ Activate Your Coupon Code


“An improper access control vulnerability has been identified in the SonicWall SonicOS management access, potentially leading to unauthorized resource access and, in specific conditions, causing the firewall to crash,” it noted in an advisory at the time.

Identity Security Risk Assessment

SonicWall also said it’s investigating less than 40 incidents related to this activity, and that many of the incidents are related to migrations from Gen 6 to Gen 7 firewalls without resetting the local user passwords, a crucial recommendation action as part of CVE-2024-40766.

Furthermore, the company pointed out that SonicOS 7.3 has additional protection against brute-force password and multi-factor authentication (MFA) attacks. The updated guidance offered by the company is below –

  • Update firmware to SonicOS version 7.3.0
  • Reset all local user account passwords for any accounts with SSLVPN access, particularly those that were carried over during migration from Gen 6 to Gen 7
  • Enable Botnet Protection and Geo-IP Filtering
  • Enforce MFA and strong password policies
  • Remove unused or inactive user accounts

The development comes as multiple security vendors reported observing a surge in attacks exploiting SonicWall SSL VPN appliances for Akira ransomware attacks.

Found this article interesting? Follow us on Google News, Twitter and LinkedIn to read more exclusive content we post.


Some parts of this article are sourced from:
thehackernews.com

Reader Interactions

Leave a Reply

Your email address will not be published. Required fields are marked *