SonicWall, a leading provider of network security solutions, has disclosed a recent security incident involving the exposure of firewall configuration backup files stored within certain MySonicWall accounts. The company emphasized transparency in its disclosure, stating: “As part of our commitment to transparency, we are notifying you of an incident that exposed firewall configuration backup files stored in certain MySonicWall accounts.”
The exposed files contained sensitive firewall configuration data, which, if accessed by malicious actors, could greatly increase the risk of compromise. SonicWall warned, “Access to the exposed firewall configuration files contain information that could make exploitation of firewalls significantly easier for threat actors.”
Upon detecting the incident, SonicWall took swift action. The company explained: “After identifying the incident, we immediately began an investigation, containing the incident by terminating the unauthorized access point and working with law enforcement and select cybersecurity agencies globally.”
The incident impacts SonicWall Firewalls with preference files backed up in MySonicWall.com. Customers who did not enable cloud backups are not at risk.
SonicWall has provided a clear step-by-step process for users to determine their exposure:
- Log in to MySonicWall (MSW).
- Verify if cloud backups are enabled.
  - “If No: you are not at risk.”
  - “If Yes: continue.”
- Check for flagged serial numbers in your account.
  - “If yes: the listed firewalls are at risk and should follow the containment and remediation guidelines.”
  - “If no: continue.”
For users who previously enabled backups but see no flagged devices, SonicWall promised additional clarity soon: “SonicWall will provide additional guidance in coming days to determine if your backup files were impacted.”
SonicWall has published detailed containment and remediation documentation for affected customers, available through their knowledge base at SonicWall Support.
Firewall configurations are the backbone of an organization’s network defense. If adversaries gain insights into rules, NAT configurations, VPN setups, or administrative access points, they could tailor attacks with alarming precision. By exposing these files, the incident raises serious concerns about targeted exploitation campaigns against organizations running SonicWall firewalls.
Organizations relying on SonicWall devices should immediately:
- Log into MySonicWall and check for impacted devices.
- Apply SonicWall’s remediation steps without delay.
- Monitor for suspicious traffic or attempts to exploit firewall weaknesses.