SonicWall Issues Important Security Advisory for Multiple Vulnerabilities in SonicOS - #CVE-2024-40766
SonicWall's SonicOS management access has been plagued by a critical vulnerability (CVE-2024-40766) affecting various device generations. This flaw, exploited by ransomware groups like Akira and Fog, allows unauthorized access and potential system crashes. Despite patches being released, thousands of devices remain vulnerable, leading to numerous attacks across industries. The attackers, often collaborating, exploit unpatched systems and disabled multi-factor authentication to rapidly encrypt data and demand ransoms. The vulnerability's severity is underscored by its inclusion in CISA's Known Exploited Vulnerabilities Catalog. SonicWall has since addressed additional vulnerabilities, emphasizing the ongoing need for vigilant cybersecurity measures, including prompt patching and implementing multi-factor authentication.