A recent analysis by cybersecurity firm Bishop Fox found that over 25,000 publicly accessible SonicWall SSLVPN devices are vulnerable to critical security flaws, with 20,000 running outdated SonicOS/OSX firmware that is no longer supported by the vendor. The study identified a total of 430,363 publicly exposed SonicWall firewalls, a figure that significantly expands the potential attack surface. Many of these devices run outdated firmware versions: 25,485 are affected by critical vulnerabilities and 94,018 by high-severity ones. Threat actors, including ransomware groups like Fog and Akira, have actively exploited these flaws to gain unauthorized access to corporate networks.
Bishop Fox used internet scanning tools such as Shodan and BinaryEdge, along with its proprietary fingerprinting methods, to detect these exposures. A publicly accessible firewall is one whose management or SSL VPN interface is exposed to the internet, which makes it a prime target for attacks that exploit vulnerabilities, misconfigurations, and weak passwords.
Security experts emphasize that firewall management interfaces should never be publicly exposed due to the heightened risk they pose. While SSL VPN interfaces are intended for remote access, they should ideally be restricted by source IP address policies to enhance security. Despite some progress in patching efforts compared to previous findings, the overall adoption rate of security updates remains concerning.
© 2021 CyberEnsō – Nihon Cyber Defence Co., Ltd. All Rights Reserved.