Patched SonicWall critical vulnerability still used in several ransomware attacks

Patch available with other ‘disabling’ workarounds

The affected SonicOS versions included 5.9.2.14-12o and older, 6.5.4.14-109n and older, and 7.0.1-5035 and older, which were fixed in versions 5.9.2.14-13o, 6.5.4.15.116n, and 7.0.1-5072, respectively.

SonicWall and Arctic Wolf strongly recommend that the affected users upgrade to the latest supported SonicOS firmware versions. Additionally, the SonicWall advisory recommends that all users of Gen5 and Gen6 devices update their passwords to prevent unauthorized access. Disabling the affected services was also included as a workaround to this issue in the SonicWall advisory.

“To minimize potential impact, SonicWall recommends restricting firewall management to trusted sources or disabling firewall WAN management from Internet access,” the company said. “Similarly, for SSLVPN, please ensure that access is limited to trusted sources, or disable SSLVPN access from the Internet.”

Leave a Comment