Particle.news

SonicWall Blames Patched CVE-2024-40766 for Akira Ransomware Attacks

The vendor has released firmware updates along with best-practice guidance after investigating fewer than 40 incidents tied to password carryovers during firewall migrations.

Overview

  • SonicWall concluded on August 7 that the surge in Akira ransomware intrusions exploited CVE-2024-40766 rather than an undisclosed zero-day flaw.
  • The vulnerability was first disclosed in August 2024 with a CVSS score of 9.3 as an improper access control issue in SonicOS management access.
  • Investigators are reviewing under 40 related cases, many involving Gen 6 to Gen 7 firewall migrations where local user passwords were carried over without resets.
  • To mitigate the risk, SonicWall advises upgrading to SonicOS 7.3, resetting SSLVPN user passwords, enabling Botnet Protection and Geo-IP Filtering, and enforcing MFA.
  • Some customers have challenged the vendor’s conclusions by reporting breaches outside the described threat vector and seeking deeper log analysis from SonicWall.