SonicWall has verified that there are no new zero-day vulnerabilities in SSLVPN, stating that the recent ransomware attack is associated with an older vulnerability.

SonicWall has officially addressed concerns regarding a potential new zero-day vulnerability in its Secure Sockets Layer Virtual Private Network (SSLVPN) products. In a statement to Cybersecurity News, the company confirmed that recent ransomware attacks are not due to a new flaw but are linked to a previously identified and patched vulnerability, specifically CVE-2024-40766. This vulnerability was disclosed earlier and detailed in the company’s public advisory, SNWLID-2024-0015. SonicWall’s investigation refutes claims of an unknown zero-day exploit circulating in the wild. The impact of these attacks has been limited, with fewer than 40 confirmed cases identified, primarily associated with the use of legacy credentials during the migration from older Generation 6 firewalls to the newer Generation 7 models.

In response to these incidents, SonicWall has issued updated guidance for its customers, urging them to change their credentials immediately to prevent unauthorised access. The company strongly recommends upgrading to SonicOS 7.3.0, which includes enhanced Multi-Factor Authentication (MFA) protections and other security features designed to mitigate such attacks. These features encompass login attempt lockouts and the enforcement of complex password policies. Since identifying the threat, SonicWall has maintained a proactive approach to communication and customer protection, directly notifying affected customers and partners while providing detailed mitigation steps.