Thousands of publicly accessible SonicWall VPN firewalls are exposed to severe vulnerabilities affecting SonicOS/OSX firmware that the vendor no longer supports.
Reports indicate that vulnerabilities in SonicWall SSL VPN devices have been exploited by several ransomware groups, such as Akira and Fog, because the devices are an appealing target for gaining initial access to corporate networks.
The researchers have already detected 430,363 publicly exposed SonicWall firewalls using internet scanning services such as BinaryEdge and Shodan, along with proprietary fingerprinting techniques.
Public exposure means that the firewall's management or SSL VPN interfaces are reachable from the internet, allowing threat actors to probe for bugs, outdated or unpatched firmware, and misconfigurations, and to run brute-force attacks to find weak passwords.
While the SSL VPN interface is intended to provide access to external clients over the internet, it should preferably be protected by source IP address restrictions.
Over 20,000 SonicWall VPN firewalls are affected.
Most of the affected devices reached end-of-life status years ago. In addition, some affected devices no longer have supported firmware versions, and some are only partially maintained.
In total, 20,710 devices are running end-of-life firmware that is vulnerable to various publicly known attacks, but this figure does not accurately reflect the scope of the problem.
Separate research also found 13,827 devices running unknown firmware versions, 197,099 running unsupported Series 6 firmware whose exact version could not be established, and 29,254 running an unknown Series 5 firmware version.
When the researchers examined the scan results using fingerprinting technology to determine the exact firmware versions and their protection against known vulnerabilities, they discovered that 25,485 devices are vulnerable to critical-severity issues.
The majority of the devices determined to be susceptible are running Series 7 firmware but have not been updated to the current version, which fixes security issues.
Experts advise that users who still operate vulnerable devices should be aware that they are prone to exploitation. Threat actors will try to target most of these vulnerable devices, as there are no countermeasures for them because the vendor no longer supports them or they have reached their EoL.
