Security Advisory: Potential SonicWall SSL VPN Zero-Day
Potential zero-day vulnerability in SonicWall appliances
SonicWall has acknowledged the possibility of a previously unknown vulnerability in its Gen 7 firewall appliances after threat reporting from Arctic Wolf, Google Mandiant, and Huntress indicated that ransomware groups had been seen exploiting instances of these devices with the SSL VPN functionality enabled. At-Bay has observed similar indicators, and our Response & Recovery team is currently investigating multiple cases in which victim organizations have SonicWall appliances in their environment.
The security advisory from SonicWall can be found here.
At-Bay recommends that organizations follow the recommendations issued by SonicWall and immediately disable SSL VPN functionality pending identification of the root cause of these incidents and development of a fix (if necessary). Organizations that can't disable VPN functionality for business reasons should consider deploying IP-based allow-listing of authorized users to limit potentially malicious connections.
At-Bay Cyber Advisors are available to provide advice and guidance on other potential workarounds or mitigating controls related to this issue. Schedule a meeting with your Stance Advisory Services team here.