ACSC Warns of Active Exploitation of SonicWall SSL VPN Vulnerability (CVE-2024-40766)

September 11, 2025

The Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC) has issued an alert on the active exploitation of CVE-2024-40766, a critical vulnerability in SonicWall SSL VPNs that has been linked to Akira ransomware intrusions against Australian organizations.

The advisory notes that “An improper access control vulnerability has been identified in the SonicWall SonicOS management access and SSLVPN, potentially leading to unauthorized resource access and in specific conditions, causing the firewall to crash.”

This flaw affects Gen 5, Gen 6, and Gen 7 SonicWall devices running vulnerable SonicOS versions. Exploitation allows attackers to gain unauthorized access to corporate networks and, in some cases, crash the firewall itself, amplifying disruption.

The alert emphasizes that threat actors are already taking advantage of the flaw: “We are aware of the Akira ransomware targeting vulnerable Australian organisations through SonicWall SSL VPNs.”

Akira ransomware has been increasingly observed leveraging VPN vulnerabilities as an entry point, with Australian organizations now squarely in its sights.

The ACSC strongly urges organizations to immediately update their devices. The advisory explains: “Apply the patch as soon as possible for impacted products, latest patch builds are available for download on mysonicwall.com.”

Additionally, the ACSC recommends:

  • Restricting firewall management access to trusted sources only.
  • Disabling firewall WAN management from the internet.
  • Limiting SSLVPN access to trusted networks or disabling it entirely if not needed.
  • Changing passwords after updating to the latest firmware.

The alert stresses: “Organisations remain vulnerable if they have not fully implemented the mitigation advice by updating credentials after updating the firmware.”
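
The four recommendations above, plus the warning that a password change only counts if it happens after the firmware update, can be checked against an asset inventory. The following is an added example, not part of the ACSC advisory or any SonicWall tooling; the inventory records and their field names are constructed for illustration and are not a SonicOS export format.

```python
from datetime import datetime
import ipaddress

# Constructed inventory; field names are hypothetical, not a SonicOS export format.
INVENTORY = [
    {
        "device": "fw-syd-01",
        "firmware_updated": "2025-09-02T03:00:00",
        "wan_management_enabled": False,
        "sslvpn_enabled": True,
        "sslvpn_allowed_sources": ["203.0.113.0/24"],
        "accounts": {"admin": "2025-09-02T09:30:00", "vpn-jlee": "2025-08-20T11:00:00"},
    },
    {
        "device": "fw-mel-02",
        "firmware_updated": None,  # patch not yet applied
        "wan_management_enabled": True,
        "sslvpn_enabled": True,
        "sslvpn_allowed_sources": ["0.0.0.0/0"],
        "accounts": {"admin": "2025-09-05T08:00:00"},
    },
]

def audit_device(dev):
    """Return the list of outstanding mitigation items for one device record."""
    findings = []
    patched = dev["firmware_updated"]
    if patched is None:
        findings.append("firmware not updated")
    if dev["wan_management_enabled"]:
        findings.append("WAN management enabled")
    if dev["sslvpn_enabled"]:
        for src in dev["sslvpn_allowed_sources"]:
            # A /0 prefix means SSLVPN accepts connections from any address.
            if ipaddress.ip_network(src).prefixlen == 0:
                findings.append(f"SSLVPN open to any source ({src})")
    for user, changed in sorted(dev["accounts"].items()):
        # A rotation done before (or without) the firmware update does not count.
        if patched is None or datetime.fromisoformat(changed) <= datetime.fromisoformat(patched):
            findings.append(f"{user}: password not changed after firmware update")
    return findings

def audit(inventory):
    """Map each device name to its findings; an empty list means fully mitigated."""
    return {d["device"]: audit_device(d) for d in inventory}

if __name__ == "__main__":
    for name, findings in audit(INVENTORY).items():
        print(name, findings or "OK")
```
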
