ACSC Warns Of Sonicwall Access Control Vulnerability Actively Exploited In Attacks
\n \t
\n
<\/BR>
\n
\n \t
\n
<\/BR><\/p>\n
The Australian Cyber Security Centre (ACSC) has issued a critical alert regarding a severe access control vulnerability in SonicWall products that is being actively exploited in attacks. <\/p>\n
The flaw, tracked as CVE-2024-40766<\/a>, affects multiple generations of SonicWall firewalls and carries a critical CVSS score of 9.3, highlighting the significant risk it poses to organizations.<\/p>\n The advisory notes a recent increase in exploitation targeting Australian entities, with threat actors like the Akira ransomware <\/a>group leveraging the vulnerability.<\/p>\n The vulnerability, identified under advisory ID SNWLID-2024-0015, is an improper access control issue within the SonicWall SonicOS management interface and SSLVPN. <\/p>\n This flaw allows an unauthenticated remote attacker to gain unauthorized access to sensitive resources. <\/p>\n According to the vendor\u2019s security advisory<\/a>, under specific conditions, the exploitation of this vulnerability can also lead to a denial-of-service condition by causing the firewall to crash.<\/p>\n The issue impacts a wide range of devices, including SonicWall\u2019s Gen 5 and Gen 6 firewalls, as well as Gen 7 devices running SonicOS version 7.0.1-5035 and earlier. The wide deployment of these devices across various sectors makes this a widespread threat.<\/p>\n The ACSC\u2019s warning emphasizes that this is not a theoretical threat. The agency is aware of a recent surge in active exploitation of CVE-2024-40766 within Australia.<\/p>\n Specifically, the advisory links the vulnerability to attacks carried out by the Akira ransomware<\/a> gang, a group known for targeting vulnerable network edge devices as an initial access vector into corporate networks.<\/p>\n By exploiting the SonicWall flaw, attackers can establish a foothold from which they can move laterally, escalate privileges, and ultimately deploy ransomware to encrypt critical data and disrupt operations, a tactic that aligns with Akira\u2019s known methods.<\/p>\n Both SonicWall and the ACSC<\/a> are urging organizations using the affected devices to take immediate action to mitigate the risk.<\/p>\n The primary step is to apply the security patches released by SonicWall, which address the vulnerability<\/a>. However, patching alone is not sufficient.<\/p>\n The vendor has stressed that organizations must also change passwords associated with the devices after the firmware update is complete. <\/p>\n Failure to update credentials leaves the organization vulnerable to compromise, even after the patch has been applied. <\/p>\n Organizations are advised to review their networks for vulnerable SonicWall devices and consult the official advisories for detailed investigation and remediation guidance to prevent unauthorized access and potential ransomware attacks.<\/p>\n Find this Story Interesting! Follow us on Google News<\/a>,\u00a0LinkedIn<\/a>,\u00a0and\u00a0X<\/a>\u00a0to Get More Instant Updates<\/strong>.<\/p>\n The post ACSC Warns Of Sonicwall Access Control Vulnerability Actively Exploited In Attacks<\/a> appeared first on Cyber Security News<\/a>.<\/p>\n<\/div>\nActive Exploitation By Ransomware Groups<\/strong><\/h2>\n