SonicWall
-
Blog
SonicWall firewall bug leveraged in attacks after PoC exploit release
Attackers are now targeting an authentication bypass vulnerability affecting SonicWall firewalls shortly after the release of proof-of-concept (PoC) exploit code. This security flaw (CVE-2024-53704), tagged by CISA as critical severity and found in the SSLVPN authentication mechanism, impacts SonicOS versions 7.1.x (up to 7.1.1-7058), 7.1.2-7019, and 8.0.0-8035, used by multiple models of Gen 6 and Gen 7 firewalls and SOHO…
Read More » -
Blog
SonicWall warns of SMA1000 RCE flaw exploited in zero-day attacks
SonicWall is warning about a pre-authentication deserialization vulnerability in SonicWall SMA1000 Appliance Management Console (AMC) and Central Management Console (CMC), with reports that it has been exploited as a zero-day in attacks. The flaw, tracked as CVE-2025-23006 and rated critical (CVSS v3 score: 9.8), could allow remote unauthenticated attackers to execute arbitrary OS commands under specific conditions. The vulnerability affects all…
Read More » -
Blog
SonicWall VPN hit with second vulnerability
A vulnerability has been found in a SonicWall VPN server, the second VPN-related issue to hit the company in recent months. Ethical hackers from Dutch company Computest Security discovered the vulnerability which allowed them to take over the server and potentially access the internal company network, exposing sensitive data. SonicWall offers a variety of VPN clients, aimed at securing corporate…
Read More » -
Blog
SonicWall urges admins to patch exploitable SSLVPN bug immediately
SonicWall is emailing customers urging them to upgrade their firewall’s SonicOS firmware to patch an authentication bypass vulnerability in SSL VPN and SSH management that is “susceptible to actual exploitation.” In an email sent to SonicWall customers and shared on Reddit, the firewall vendor says the patches are available as of yesterday, and all impacted customers should install them immediately to prevent exploitation.…
Read More » -
Blog
Over 25,000 SonicWall VPN Firewalls exposed to critical flaws
Over 25,000 publicly accessible SonicWall SSLVPN devices are vulnerable to critical severity flaws, with 20,000 using a SonicOS/OSX firmware version that the vendor no longer supports. These results come from an analysis conducted by cybersecurity firm Bishop Fox, which was motivated by a series of important vulnerabilities disclosed this year impacting SonicWall devices. Vulnerabilities affecting SonicWall SSL VPN devices were recently…
Read More » -
Blog
SonicWall and CrowdStrike team up to launch new MDR offering
SonicWall and CrowdStrike have teamed up to launch a new managed detection and response (MDR) offering designed to help MSPs equip SMBs with enterprise-grade security. The collaboration pairs SonicWall’s managed security services with the CrowdStrike Falcon cybersecurity platform’s endpoint detection and response capabilities to create a scalable AI-native solution. In an announcement, SonicWall said the new MDR offering will help…
Read More » -
Blog
Fog ransomware targets SonicWall VPNs to breach corporate networks
Fog and Akira ransomware operators are increasingly breaching corporate networks through SonicWall VPN accounts, with the threat actors believed to be exploiting CVE-2024-40766, a critical SSL VPN access control flaw. SonicWall fixed the SonicOS flaw in late August 2024, and roughly a week later, it warned that it was already under active exploitation. At the same time, Arctic Wolf security…
Read More »