Mitigating Improper Access Control Vulnerability in SonicWall Firewall Products

SonicWall is an American cybersecurity company that sells a range of internet appliances primarily directed at content control and network security. VC3 deploys a number of firewall solutions, of which SonicWall is one. 

On Wednesday, August 21, 2024, SonicWall issued an advisory concerning active exploits currently affecting their product line. The at-risk SonicWall systems: 

• Currently run software versions older than April 2022. 

• Are accessible by external users via the internet. In other words, their WAN (Wide Area Network) interfaces are open to the internet. 

This situation does not rise to the level of an emergency for VC3 clients because: 

• VC3 has an established process for patching firewalls and all network security hardware on a regular basis. 

• VC3 configures each client’s environment securely and limits external access to WAN.  

While the advisory from SonicWall highlights a potential vulnerability, VC3’s existing security measures and procedures ensure that the risk is mitigated. 

However, to ensure the safety of VC3 clients’ infrastructure and data, VC3 is proactively reviewing all SonicWall hardware for vulnerabilities. This exercise will reconfirm that clients with SonicWall systems are not at risk. 

If you have any questions, don’t hesitate to reach out to your Strategic Advisor.