Sonicwall SRA 4600 Targeted By an Old Vulnerability

SANS ISC InfoSec Forums

Sonicwall SRA 4600 Targeted By an Old Vulnerability
Devices and applications used to provide remote access are juicy targets. I've already been involved in many ransomware cases and most of the time, the open door was an unpatched VPN device/remote access solution or weak credentials. A good example, the recent attack against the Colonial Pipeline that started with a legacy VPN profile[1]. A group of attackers is targeting Sonicwall devices through the vulnerability described in CVE-2019-7481. Yes, a vulnerability from 2019! It affects Sonicwall SRA ("Secure Remote Access") 4600 devices running firmware versions 8.x and 9.x. Crowdstrike published a nice blog post about this vulnerability[2]. If you run a Sonicwall device affected by this vulnerability, please review your current firmware and patch! [1] https://www.hsgac.senate.gov/imo/media/doc/Testimony-Blount-2021-06-08.pdf [2] https://www.crowdstrike.com/blog/how-ecrime-groups-leverage-sonicwall-vulnerability-cve-2019-7481/ Xavier Mertens (@xme) Senior ISC Handler - Freelance Cyber Security Consultant PGP Key I will be teaching next: Reverse-Engineering Malware: Malware Analysis Tools and Techniques - SANS Amsterdam August 2022	Xme 697 Posts ISC Handler Jun 11th 2021
Thread locked Subscribe	Jun 11th 2021 1 year ago