Overview
- SonicWall concluded on August 7 that the surge in Akira ransomware intrusions exploited CVE-2024-40766 rather than an undisclosed zero-day flaw.
- The vulnerability was first disclosed in August 2024 with a CVSS score of 9.3 as an improper access control issue in SonicOS management access.
- Investigators are reviewing fewer than 40 related cases, many involving Gen 6 to Gen 7 firewall migrations where local user passwords were carried over without being reset.
- To mitigate the risk, SonicWall advises upgrading to SonicOS 7.3, resetting SSLVPN user passwords, enabling Botnet Protection and Geo-IP Filtering, and enforcing MFA.
- Some customers have challenged the vendor’s conclusions by reporting breaches outside the described threat vector and seeking deeper log analysis from SonicWall.