UPDATE: Gen 7 SonicWall Firewalls

Individual Attacks

August 7, 2025

SonicWall initially issued an advisory about a notable increase in both internally and externally reported cyber incidents involving Gen 7 SonicWall firewalls where SSL VPN is enabled. A likely zero-day vulnerability in SonicWall VPNs was being actively exploited to bypass multi-factor authentication (MFA) and deploy ransomware. SonicWall was actively investigating these incidents to determine whether they were connected to a previously disclosed vulnerability or whether a new vulnerability was responsible. SonicWall strongly advised, where practical, disabling the VPN service immediately and applying the other mitigations in the advisory.

SonicWall provided an update, indicating that the recent SSL VPN activity is not connected to a zero-day vulnerability. Instead, there is a significant correlation with threat activity related to CVE-2024-40766. SonicWall updated its guidance, directing all customers who have imported configurations from Gen 6 to newer firewalls to apply the mitigations in the advisory. Additional information can be found in the Huntress blog and BleepingComputer article.