Over 25,000 SonicWall VPN Firewalls Exposed to Critical Flaws

Summary:
A recent scan conducted by cybersecurity firm Bishop Fox uncovered 430,363 publicly exposed SonicWall firewall appliances. Among these, 25,485 SonicWall SSLVPN devices were found to be vulnerable to critical security flaws, while an additional 94,018 were vulnerable to high-severity issues. The scan also revealed that approximately 20,000 devices were running SonicOS/OSX firmware versions no longer supported by the vendor. Specifically, 6,633 devices were using Series 4 and 5 firmware, both of which reached end-of-life status several years ago. Another 14,077 devices were found to be using unsupported versions of Series 6 firmware, which is now only partially supported. Additionally, Bishop Fox identified 13,827 devices running unknown firmware versions, 197,099 devices running unsupported Series 6 firmware with unspecified versions, and 29,254 devices running unknown versions of Series 5 firmware.

Security Officer Comments:
With hundreds of thousands of firewall instances exposed to the internet, attackers have significant opportunities to gain initial access by exploiting vulnerabilities, outdated or unpatched firmware, and misconfigurations, or by brute-forcing weak passwords. While the number of vulnerable endpoints has decreased from 178,000 in January 2024, there remains a large number of unpatched devices that attackers could exploit. Notably, publicly exposed and vulnerable (CVE-2022-22274, CVE-2023-0656) SonicWall firewalls have recently been targeted by ransomware groups such as Fog and Akira to gain entry into victim networks, highlighting the need for organizations to apply patches promptly to mitigate potential attacks.

Suggested Corrections:
Organizations should prioritize updating their devices by applying the latest patches and firmware versions provided by SonicWall. Devices running outdated or end-of-life firmware, such as Series 4 and Series 5, should be replaced or upgraded to supported versions. Additionally, organizations should implement strong access controls, disable unnecessary public-facing services, and conduct regular vulnerability scans to identify and remediate any security weaknesses. By ensuring that all devices are running supported firmware and applying security updates promptly, organizations can reduce their exposure to cyber attacks.

Link(s):
https://bishopfox.com/blog/state-sonicwall-exposure-firmware-decryption-unlocks-insights
https://www.bleepingcomputer.com/ne...wall-vpn-firewalls-exposed-to-critical-flaws/