Sonicwall Devices Vulnerable to Easily Exploitable SSL-VPN Flaw

Tue 28th Jan, 2025

In early January, Sonicwall released critical updates addressing a zero-day vulnerability affecting its SSL-VPN and SSH management services. Despite these updates, reports indicate that over 5,000 devices remain exposed to potential attacks.

Cybersecurity experts from Bishop Fox have conducted an in-depth analysis of the vulnerability, successfully exploiting it to gain unauthorized access. Their findings reveal that a concerning number of Sonicwall appliances are still accessible on the internet. Significant effort was required to identify and exploit the flaw, the researchers noted, but the actual exploit was relatively straightforward.

The researchers have also outlined their disclosure timeline. They plan to release detailed exploit information 90 days after their notification to Sonicwall, which is set for February 10, 2025. Sonicwall issued updates on January 7, 2025, providing administrators ample time to implement the necessary patches.

Given the substantial number of vulnerable Sonicwall appliances still online, it is imperative for IT administrators to prioritize these updates. The initial announcement may have been overlooked, resulting in a significant number of Sonicwall firewalls remaining unpatched.

On January 7, 2025, Sonicwall's vulnerabilities in SSL-VPN and SSH management were publicly acknowledged. Updates became available the following day. Additionally, last week, attackers began exploiting another vulnerability in the SMA1000, which allows the injection of system commands (CVE-2025-23006, CVSS 9.8, rated as critical). Sonicwall has since released a patch for this issue as well, which should be applied without delay if not already done.

