SonicWall Confirms Patched Vulnerability Behind Recent VPN Attacks, Not a Zero-Day

Aug 07, 2025Ravie LakshmananNetwork Security / Vulnerability

SonicWall has revealed that the recent spike in activity targeting its Gen 7 and newer firewalls with SSL VPN enabled is related to an older, now-patched bug and password reuse.

“We now have high confidence that the recent SSL VPN activity is not connected to a zero-day vulnerability,” the company said. “Instead, there is a significant correlation with threat activity related to CVE-2024-40766.”

CVE-2024-40766 (CVSS score: 9.3) was first disclosed by SonicWall in August 2024, calling it an improper access control issue that could allow malicious actors unauthorized access to the devices.

“An improper access control vulnerability has been identified in the SonicWall SonicOS management access, potentially leading to unauthorized resource access and, in specific conditions, causing the firewall to crash,” it noted in an advisory at the time.

SonicWall also said it’s investigating less than 40 incidents related to this activity, and that many of the incidents are related to migrations from Gen 6 to Gen 7 firewalls without resetting the local user passwords, a crucial recommended action as part of CVE-2024-40766.

Furthermore, the company pointed out that SonicOS 7.3 has additional protection against brute-force password and multi-factor authentication (MFA) attacks. The updated guidance offered by the company is below –

• Update firmware to SonicOS version 7.3.0
• Reset all local user account passwords for any accounts with SSLVPN access, particularly those that were carried over during migration from Gen 6 to Gen 7
• Enable Botnet Protection and Geo-IP Filtering
• Enforce MFA and strong password policies
• Remove unused or inactive user accounts

The development comes as multiple security vendors reported observing a surge in attacks exploiting SonicWall SSL VPN appliances for Akira ransomware attacks.

Last year, Arctic Wolf disclosed that threat actors associated with Akira and Fog are targeting SonicWall SSL VPNs that are unpatched against CVE-2024-40766 to breach victim networks between August and mid-October 2024.

Cybersecurity company Huntress told The Hacker News that it continues to see organizations impacted by threat actors targeting SonicWall Gen 7 firewall appliances, adding a total of at least 28 incidents have been recorded from this activity cluster as of August 6, 2025.

Upgrade your audio game with the Logitech for Creators Blue Yeti USB Microphone. With over 33,730 ratings and an impressive 4.6 out of 5 stars, it’s no wonder this is an Amazon’s Choice product. Recently, 5K+ units were purchased in the past month.

Available in five stunning colors: Teal, Silver, Pink Dawn, Midnight Blue, and Blackout, this microphone is perfect for creators looking to produce exceptional audio. Priced at only $84.99, it’s a deal you can’t afford to miss.

Elevate your recordings with clear broadcast-quality sound and explore your creativity with enhanced effects, advanced modulation, and HD audio samples. Order now for just $84.99 on Amazon!

Help Power Techcratic’s Future – Scan To Support

If Techcratic’s content and insights have helped you, consider giving back by supporting the platform with crypto. Every contribution makes a difference, whether it’s for high-quality content, server maintenance, or future updates. Techcratic is constantly evolving, and your support helps drive that progress.

As a solo operator who wears all the hats, creating content, managing the tech, and running the site, your support allows me to stay focused on delivering valuable resources. Your support keeps everything running smoothly and enables me to continue creating the content you love. I’m deeply grateful for your support, it truly means the world to me! Thank you!