Overview

• SonicWall concluded on August 7 that the surge in Akira ransomware intrusions exploited CVE-2024-40766 rather than an undisclosed zero-day flaw.
• The vulnerability was first disclosed in August 2024 with a CVSS score of 9.3 as an improper access control issue in SonicOS management access.
• Investigators are reviewing under 40 related cases, many involving Gen 6 to Gen 7 firewall migrations where local user passwords were carried over without resets.
• To mitigate the risk, SonicWall advises upgrading to SonicOS 7.3, resetting SSLVPN user passwords, enabling Botnet Protection and Geo-IP Filtering, and enforcing MFA.
• Some customers have challenged the vendor’s conclusions by reporting breaches outside the described threat vector and seeking deeper log analysis from SonicWall.