MS-ISAC consultancy number:
2024-097
Published date (s):
08/08/2025
PREVIEW:
Vulnerability has been discovered in access to Sonicwall Sonicos Management and SSLVPN, which could allow access to unauthorized resources and under specific conditions, causing the firewall crash. Sonicos is the Sonicwalls operating system designed for their firewalls and other security devices. The successful exploitation of the most serious of these vulnerabilities could allow unauthorized access to the system. According to the privileges associated with the system, an attacker could then; Display, modify or delete data.
Threat intelligence:
Sonicwall reports that the CVE-2024-40766 is actively exploited in the wild.
August 7 – Updated threat intelligence:
A recent threat activity in 2025 showed targeted attacks on Gen 7 Sonicwall firewalls with activated SSLVPN. These attacks have been linked to Ransomware Akira campaigns, which have exploited migrated local accounts with unchanged passwords.
Although Sonicwall has not updated its official opinion since November 2024, they have published new guidelines in response to these incidents, stressing the importance of the degree and hygiene of diplomas.
Affected systems:
- SOHO (Gen 5) 5.9.2.14-12o and older versions
- Gen6 Firewalls 6.5.4.14-109n and older versions
- Gen7 Firewalls SonicOS build version 7.0.1-5035 and older versions
Large and medium government entities
Small government
Large and Medium Business Entities
Small Business ENTITIES
