- BishopFox scanned the internet for SonicWall VPNs and found hundreds of thousands that can be accessed over the internet.
- Tens of thousands were running old and vulnerable versions of software.
- Some were already past their end-of-life date, putting them at risk.
Tens of thousands of SonicWall VPN firewall platforms are vulnerable to a variety of flaws, putting their users at risk of remote exploitation, data breaches, privilege escalation, and more.
BishopFox cybersecurity researchers scanned the Internet with Shodan and BinaryEdge and, by running proprietary scripts to analyze the data returned, discovered that there were 430,363 endpoints exposed to the Internet.
While this doesn’t necessarily mean they’re vulnerable, endpoints like these shouldn’t be connected to the general internet to begin with, as it means criminals could try to access them and look for holes.
End of life
“The management interface of a firewall should never be exposed publicly, as this presents unnecessary risk,” BishopFox said in its report. “The SSL VPN interface, although designed to provide access to external clients over the Internet, should ideally be protected by source IP address restrictions.”
Digging deeper, BishopFox discovered that nearly 120,000 endpoints were running versions affected by severe vulnerabilities, including 25,485 endpoints with critical severity flaws and 94,018 endpoints with high severity flaws. Additionally, they said 20,710 endpoints were running versions of the software that are no longer supported by the vendor.
This presents a fairly large attack surface that threat actors can exploit. SonicWall SSL VPN devices are often the target of different campaigns, including the recent attacks by the Fog and Akira ransomware groups. These threat actors abused the flaws to gain initial access to corporate networks, where they then deployed ransomware encryptors and wreaked havoc on the entire enterprise infrastructure.
To address the threat, businesses must ensure they are always running the latest versions of their software and that their endpoints remain supported by their respective vendors.
Via BleepingComputer