
Overview
SonicWall has issued a critical security advisory regarding a surge in compromised SSLVPN accounts on Gen 7 firewalls. Over the past 72 hours, cybersecurity teams including Arctic Wolf, Google Mandiant, and Huntress have reported increased threat activity targeting SonicWall SSLVPN endpoints [1].
This spike may be linked to previously disclosed vulnerabilities or potentially new exploits. SonicWall is actively investigating and will release updated firmware if necessary [1].
Key Vulnerabilities Identified
Recent advisories highlight several serious issues affecting SonicWall Gen 7 devices:
- Improper Access Control: Allows unauthorized access and potential firewall crashes [2].
- Authentication Bypass: Attackers may bypass SSLVPN authentication using weak pseudo-random number generators [3].
- Privilege Escalation: In cloud deployments, attackers could elevate privileges to root [3].
Recommended Mitigation Steps
SonicWall recommends the following immediate actions to protect your network:
- Disable SSLVPN Services Where Practical: If disabling is not viable, proceed with all other steps.
- Restrict Access to Trusted IPs: Limit SSLVPN connectivity to known, trusted sources.
- Enable Security Services: Activate Botnet Protection and Geo-IP Filtering to block known threat actors.
- Enforce Multi-Factor Authentication (MFA): MFA is essential, though not foolproof against all current threats.
- Remove Unused Accounts: Delete inactive local user accounts, especially those with SSLVPN access.
- Practice Good Password Hygiene: Encourage regular password updates and complexity across all accounts.
- Update Firmware Immediately: Ensure your SonicWall appliances are running the latest firmware versions.
How ICSI Can Help
As a trusted Maryland IT company and Florida IT company, ICSI is here to help you:
- Audit your SonicWall configurations and assist in implementing a Zero Trust Framework and moving away from the SonicWall SSL VPN in its entirety. Depending on the client, we will work with them to implement the updated security software that meets their specific needs.
- Implement MFA and IP restrictions
- Patch and update firmware
- Monitor for Indicators of Compromise (IoCs)
- Provide ongoing cybersecurity support
Whether you’re a small business or a large enterprise, ICSI has the expertise to secure your infrastructure against evolving threats.
Stay Protected
Cyber threats are evolving rapidly. If you’re using SonicWall Gen 7 firewalls, now is the time to act. Contact ICSI today to schedule a security review and ensure your systems are protected.
📞 Call us or 📧 Email us to get started.
[1] Gen 7 SonicWall Firewalls – SSLVPN Recent Threat Activity
[2] Security Advisory – SonicWall
[3] Security Advisory