Critical alert: Immediate action required to address severe SonicWALL vulnerability.
We are issuing an urgent security advisory concerning a critical vulnerability affecting SonicWALL devices.
Recent findings indicate that this vulnerability poses a significant threat to the security of your networks. The severity of this issue has not been fully emphasised, and immediate action is required to mitigate the risk.
WHAT YOU NEED TO KNOW
Unpatched SonicWALL Vulnerability
Unpatched SonicWALL devices are vulnerable to a critical exploit where VPN passwords can be remotely accessed by unauthorised bots without any authentication. This vulnerability could allow attackers to compromise your network and gain unauthorised access to sensitive information.
Persisting Threat Even After Patching
Even after applying the necessary patches, the threat persists if the passwords have already been exposed. Once compromised, these passwords can be used by malicious actors to log in and move laterally within the network, further endangering your organisation’s security.
FOR THE TECHS – URGENT ACTION REQUIRED (FOR EXECUTIVES – SEE BELOW)
To protect your organisation and mitigate the risk, it is imperative to take the following actions immediately:
Patch Your SonicWALL Devices
Ensure that all SonicWALL devices in your network are updated with the latest security patches. This step is critical in preventing further exploitation of the vulnerability.
Reset All VPN User Passwords
As a precaution, reset the passwords for all VPN users. This will help prevent any compromised credentials from being used by attackers.
Monitor SonicWALL Logs
Thoroughly review the logs of your SonicWALL devices for any unusual or suspicious activity that may indicate an attempted or successful breach.
Review SIEM Logs for Potential Risks
Examine your Security Information and Event Management (SIEM) logs for any signs of potential risk or malicious activity that may have occurred as a result of this vulnerability.
OTP: (Two Factor Authentication)
If you have not already enforced OTP for your VPN users, do so immediately.
Limit WAN Management access:
Restrict external access to the Management interface to known IP(s) or block it entirely.
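The following Python example is an addition to this advisory, not SonicWALL or Lantech code. It cross-checks VPN login records against password-reset times to show which logins after a known-good baseline still used an unreset password, came from an unfamiliar source IP, or failed from an unfamiliar IP after a reset. The CSV columns, reset list, baseline date and all sample rows are assumptions constructed for illustration.

```python
import csv
import io
from datetime import datetime

# Constructed sample data; column names are an assumed export format, not SonicWALL's.
LOGINS_CSV = """timestamp,user,src_ip,result
2024-08-01T08:02:11,alice,198.51.100.10,success
2024-08-20T09:15:40,alice,198.51.100.10,success
2024-09-03T02:41:07,alice,203.0.113.77,success
2024-09-03T02:44:19,bob,203.0.113.77,failure
2024-08-05T10:00:00,bob,198.51.100.22,success
2024-09-04T08:30:00,bob,198.51.100.22,success
2024-09-05T03:12:55,carol,203.0.113.90,success
"""
RESETS = {"bob": "2024-09-02T12:00:00"}  # user -> last password reset (constructed)
BASELINE_END = "2024-08-31T23:59:59"     # assumed: logins up to here are known-good


def triage(logins_csv, resets, baseline_end):
    """Return (timestamp, user, src_ip, reasons) for logins needing review."""
    cutoff = datetime.fromisoformat(baseline_end)
    reset_at = {u: datetime.fromisoformat(t) for u, t in resets.items()}
    rows = sorted(csv.DictReader(io.StringIO(logins_csv)), key=lambda r: r["timestamp"])
    known = {}      # user -> source IPs seen in successful baseline logins
    findings = []
    for row in rows:
        when = datetime.fromisoformat(row["timestamp"])
        user, ip, ok = row["user"], row["src_ip"], row["result"] == "success"
        if when <= cutoff:
            if ok:
                known.setdefault(user, set()).add(ip)
            continue
        was_reset = user in reset_at and reset_at[user] <= when
        new_ip = ip not in known.get(user, set())
        reasons = []
        if ok and not was_reset:
            reasons.append("login with password not yet reset")
        if ok and new_ip:
            reasons.append("login from source IP not seen in baseline")
        if not ok and was_reset and new_ip:
            reasons.append("failed login from unfamiliar IP after reset")
        if reasons:
            findings.append((row["timestamp"], user, ip, reasons))
    return findings


if __name__ == "__main__":
    for finding in triage(LOGINS_CSV, RESETS, BASELINE_END):
        print(finding)
```

Accounts that appear with "login with password not yet reset" are the ones to reset first and to trace for lateral movement in the SIEM.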
FOR THE EXECUTIVES
MAKE SURE YOUR IT TEAM HAVE THIS COVERED TODAY (whether in house or outsourced)
Forward the Tech instructions to your IT team along with the official SonicWALL Security Advisory: https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2024-0015
Ensure the remediation is at the top of the list of importance for those responsible for your IT.
Set a strict timeline for completion, ideally immediately, and approve the necessary downtime for the patch.
Agree comms to send to your staff who use VPNs so they are aware they will lose access until the remediation has been completed.
We urge all organisations to take immediate action to safeguard their networks and protect their sensitive information from this critical threat.
Get in touch with the Lantech team if you need support.