SonicWall reported a rise in attacks targeting Gen 7 firewalls with SSL VPN, attributed to the previously disclosed CVE-2024-40766 vulnerability. This access control issue, with a high CVSS score of 9.3, can allow unauthorized access and potentially crash the firewall. The company is investigating under 40 incidents, mostly tied to migrations from Gen 6 to Gen 7 without password resets. SonicOS 7.3 offers enhanced protection against brute-force and MFA attacks, with updated recommendations to secure devices.
SonicWall has high confidence that recent SSL VPN activity is not tied to a zero-day vulnerability but correlates with threat activity from CVE-2024-40766.
CVE-2024-40766, rated CVSS 9.3, is an improper access control issue that could allow unauthorized access and, under certain conditions, cause the firewall to crash.
SonicWall is investigating fewer than 40 incidents, many involving Gen 6 to Gen 7 migrations without resetting user passwords, violating recommendations for CVE-2024-40766.
SonicOS 7.3 includes protections against brute-force and MFA attacks; recommendations include firmware updates, password resets, and enabling strong security measures.
Collection
[
|
...
]