The Australian Cyber Security Centre (ACSC) has issued a critical alert regarding a severe access control vulnerability in SonicWall products that is being actively exploited in attacks.
The flaw, tracked as CVE-2024-40766, affects multiple generations of SonicWall firewalls and carries a critical CVSS score of 9.3, highlighting the significant risk it poses to organizations.
The advisory notes a recent increase in exploitation targeting Australian entities, with threat actors like the Akira ransomware group leveraging the vulnerability.
The vulnerability, identified under advisory ID SNWLID-2024-0015, is an improper access control issue within the SonicWall SonicOS management interface and SSLVPN.
This flaw allows an unauthenticated remote attacker to gain unauthorized access to sensitive resources.
According to the vendor’s security advisory, under specific conditions, the exploitation of this vulnerability can also lead to a denial-of-service condition by causing the firewall to crash.
The issue impacts a wide range of devices, including SonicWall’s Gen 5 and Gen 6 firewalls, as well as Gen 7 devices running SonicOS version 7.0.1-5035 and earlier. Because these devices are deployed widely across various sectors, the exposure is broad.
Active Exploitation By Ransomware Groups
The ACSC’s warning emphasizes that this is not a theoretical threat. The agency is aware of a recent surge in active exploitation of CVE-2024-40766 within Australia.
Specifically, the advisory links the vulnerability to attacks carried out by the Akira ransomware gang, a group known for targeting vulnerable network edge devices as an initial access vector into corporate networks.
By exploiting the SonicWall flaw, attackers can establish a foothold from which they can move laterally, escalate privileges, and ultimately deploy ransomware to encrypt critical data and disrupt operations, a tactic that aligns with Akira’s known methods.
Both SonicWall and the ACSC are urging organizations using the affected devices to take immediate action to mitigate the risk.
The primary step is to apply the security patches released by SonicWall, which address the vulnerability. However, patching alone is not sufficient.
The vendor has stressed that organizations must also change passwords associated with the devices after the firmware update is complete.
Failure to update credentials leaves the organization vulnerable to compromise, even after the patch has been applied.
Organizations are advised to review their networks for vulnerable SonicWall devices and consult the official advisories for detailed investigation and remediation guidance to prevent unauthorized access and potential ransomware attacks.
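As an added illustration (not code from the ACSC, SonicWall, or this article), the review described above can be scripted against an asset inventory: flag Gen 7 devices at or below SonicOS 7.0.1-5035, refer Gen 5 and Gen 6 devices to the vendor advisory, and flag any device whose passwords were not changed after its firmware update. The record fields, hostnames, dates and the 7.0.1-6000 build are constructed for the example.

```python
import re
from datetime import date

GEN7_LAST_AFFECTED = (7, 0, 1, 5035)  # "7.0.1-5035 and earlier", per the article
PATCH, ADVISORY, ROTATE = (
    "apply vendor patch",
    "check firmware against advisory SNWLID-2024-0015",
    "change passwords after the firmware update",
)

def parse_sonicos(version):
    """Turn a Gen 7 version string such as '7.0.1-5035' into (7, 0, 1, 5035)."""
    m = re.fullmatch(r"(\d+)\.(\d+)\.(\d+)-(\d+)", version.strip())
    if not m:
        raise ValueError(f"unrecognised SonicOS version: {version!r}")
    return tuple(int(part) for part in m.groups())

def triage(dev):
    """Return the follow-up actions for one inventory record (hypothetical schema)."""
    actions = []
    needs_patch = dev["gen"] == 7 and parse_sonicos(dev["version"]) <= GEN7_LAST_AFFECTED
    if needs_patch:
        actions.append(PATCH)
    elif dev["gen"] in (5, 6):
        # The article lists Gen 5/6 as affected but names no fixed build for them.
        actions.append(ADVISORY)
    updated = date.fromisoformat(dev["updated"]) if dev.get("updated") else None
    rotated = date.fromisoformat(dev["rotated"]) if dev.get("rotated") else None
    # A password change only counts if it happened on or after the firmware update.
    stale = rotated is None or (updated is not None and rotated < updated)
    if needs_patch or stale:
        actions.append(ROTATE)
    return actions

# Constructed inventory; hostnames, dates and the 7.0.1-6000 build are made up.
INVENTORY = [
    {"name": "fw-a", "gen": 7, "version": "7.0.1-5035", "updated": None, "rotated": "2024-01-10"},
    {"name": "fw-b", "gen": 7, "version": "7.0.1-6000", "updated": "2024-09-01", "rotated": "2024-08-15"},
    {"name": "fw-c", "gen": 7, "version": "7.0.1-6000", "updated": "2024-09-01", "rotated": "2024-09-02"},
    {"name": "fw-d", "gen": 6, "version": "6.x", "updated": None, "rotated": None},
]

def report(inventory=INVENTORY):
    """Map each device name to its list of outstanding actions."""
    return {dev["name"]: triage(dev) for dev in inventory}

if __name__ == "__main__":
    for name, actions in report().items():
        print(name, "->", "; ".join(actions) or "no action")
```

A device that is still on an affected build is always told to change passwords, because a change made before the patch does not satisfy the vendor's guidance.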