On 10 September 2025, the Australian Cyber Security Centre (ACSC) issued a high-severity alert about active exploitation of a critical SonicWall SSL VPN vulnerability (CVE-2024-40766). For Melbourne small and mid-sized businesses (SMBs), this is not a theoretical risk — it’s a direct threat. Attackers are using the flaw to gain initial access, move laterally, and deploy ransomware, with Akira affiliates already observed in the wild. While SonicWall released patches in 2024, exploitation continues where appliances remain unpatched or when migrated credentials were left unchanged.
Many SMBs still rely on on-premises VPN appliances for remote access. A compromised SSL VPN gives attackers a foothold inside your network — allowing lateral movement, privilege escalation, and ransomware deployment. The vulnerability has a high CVSS score, and active exploitation has been observed in Australia. For SMBs without enterprise-grade security operations, this is a critical business risk.
CVE-2024-40766 is an improper access control issue in SonicOS. Attackers exploit misconfigured or outdated devices — particularly where local SSL VPN accounts were retained during hardware migrations — to bypass protections. In some cases, exploitation also causes appliances to crash. SonicWall and ACSC advisories consistently cite two common failings: missing firmware patches and reused credentials.
Run RMM/config scans for all SonicWall Gen 5/6/7 appliances. Use vendor tools or Nessus/Tenable to identify internet-facing VPN endpoints and mark them as critical.
If VPNs aren’t required, disable them temporarily or restrict access via ACLs. Lock down management interfaces to trusted IPs only. Route logs into your SIEM/MSSP for monitoring.
Apply the latest SonicWall firmware updates. Reset all local SSL VPN accounts, especially those migrated between devices. Enforce MFA (TOTP or hardware tokens) for all VPN logins.
Hunt for unusual authentication attempts, lateral movement, or data exfiltration. Validate backup integrity. If compromise is suspected, follow your incident response runbook: contain, eradicate, recover, notify.
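One way to run the authentication hunt described above, as an added example that is not taken from SonicWall, ACSC or Ex-tech tooling: it flags successful SSL VPN logins by migrated accounts that were never reset, by accounts without MFA, and by any account that succeeds after a burst of failures from the same source. The log layout, inventory fields, threshold and window are constructed assumptions; map them to what your SIEM actually exports.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed inventory of local SSL VPN accounts (hypothetical field names).
ACCOUNTS = {
    "alice":  {"migrated": True,  "reset_since_migration": True,  "mfa": True},
    "backup": {"migrated": True,  "reset_since_migration": False, "mfa": False},
    "carol":  {"migrated": False, "reset_since_migration": False, "mfa": True},
}

# Constructed, normalised auth export: time, user, source IP, result.
# Source addresses are from the RFC 5737 documentation ranges.
SAMPLE_LOG = """\
2025-09-10T01:02:03 alice 203.0.113.10 success
2025-09-10T02:10:00 backup 198.51.100.7 fail
2025-09-10T02:10:20 backup 198.51.100.7 fail
2025-09-10T02:10:40 backup 198.51.100.7 fail
2025-09-10T02:12:00 backup 198.51.100.7 success
2025-09-10T03:00:00 carol 192.0.2.44 success
"""

FAIL_THRESHOLD = 3               # failures from one source IP ...
WINDOW = timedelta(minutes=10)   # ... within this window before a success

def parse(log):
    for line in log.strip().splitlines():
        ts, user, ip, result = line.split()
        yield datetime.fromisoformat(ts), user, ip, result

def hunt(log, accounts=ACCOUNTS):
    """Return (user, ip, reason) findings for successful logins worth review."""
    findings = []
    fails = defaultdict(list)    # source IP -> timestamps of failed logins
    for ts, user, ip, result in parse(log):
        if result == "fail":
            fails[ip].append(ts)
            continue
        acct = accounts.get(user)
        if acct is None:
            findings.append((user, ip, "account not in inventory"))
            continue
        if acct["migrated"] and not acct["reset_since_migration"]:
            findings.append((user, ip, "migrated credential never reset"))
        if not acct["mfa"]:
            findings.append((user, ip, "no MFA enrolled"))
        burst = [t for t in fails[ip] if ts - t <= WINDOW]
        if len(burst) >= FAIL_THRESHOLD:
            findings.append((user, ip, f"{len(burst)} failures before success"))
    return findings
```

Calling `hunt(SAMPLE_LOG)` returns three findings, all for the `backup` account; each finding is a lead for review, not proof of compromise.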
SMBs should consider moving away from internet-facing VPNs altogether, adopting modern Zero Trust or SASE models. Network segmentation, device lifecycle checks, and strict patching SLAs (e.g., 48-hour turnaround for critical updates) should become policy.
At Ex-tech Solutions, we’re conducting emergency SonicWall audits across Melbourne. Our team provides rapid patching, credential resets, MFA rollouts, and forensic monitoring. For businesses using SonicWall appliances, treat this as an incident, not a routine update.
If you’re unsure of your exposure, reach out today — our engineers can deliver a FREE emergency security audit and remediation plan to keep your business protected.