SonicWall customers who have not yet installed a recent patch should hesitate no longer. Hackers are actively exploiting a known bug.
Cybercriminals are exploiting a vulnerability in firewalls from SonicWall. Via they manage to exploit a bug in SonicOS. That operating system drives the firewalls. The bug allows attackers to bypass authentication and hijack active SSL-VPN sessions. From there, criminals gain access to the corporate network.
The bug is not new. Late last year it already came to light that 25,000 accessible firewalls were susceptible to a bug. Then, in January, it turned out that the aforementioned vulnerability affected numerous customers. SonicWall provided a patch in time, but not everyone has installed it in the meantime.
Simple hack
Security researchers did share a proof of concept, demonstrating how the vulnerability works. Attackers have taken that demonstration to heart, and have been attacking vulnerable devices since late viruge week. It would be very easy to break into a firewall that is not yet running the latest version of SonicOS.
The solution is simple: install the latest firmware on your firewall. The alternative is obvious: The question is not whether hackers can attack your firewall, but when. Firewalls are low-hanging fruit.
If, for some reason, you really can’t update, at least disable the SSL-VPN functionality. According to security researchers, at least 4,500 SonicWall firewalls were still vulnerable last week.