All news with #ssl vpn tag

New SonicWall SonicOS Flaw Lets Attackers Crash Firewalls

⚠️ SonicWall has released patches for a high-severity SonicOS SSLVPN vulnerability (CVE-2025-40601) that can trigger a stack-based buffer overflow and remotely crash Gen7 and Gen8 firewalls. The company says the flaw allows a remote unauthenticated attacker to cause a DoS but reports no active exploitation or public PoC. Fixed versions are 7.3.1-7013+ for Gen7 and 8.0.3-8011+ for Gen8; admins unable to patch should disable SSLVPN or restrict access.

Akira Ransomware Exploits Unpatched SonicWall VPNs

🚨 The Australian Cyber Security Centre has observed increased exploitation of SonicWall SSL VPNs by the Akira ransomware group, leveraging CVE-2024-40766. The vulnerability, patched over a year ago, affects SonicWall Gen 5 and Gen 6 appliances and Gen 7 devices running SonicOS 7.0.1-5035 and earlier. Organisations remain at risk if they did not both install firmware updates and immediately rotate administrative credentials after migration. Security vendors Rapid7 and Recorded Future report automated intrusions tied to this issue; operators are advised to patch, reset passwords, restrict VPN access and enable robust MFA.