Case Study: How Moddtech Responded to a Critical SonicWall Zero-Day Vulnerability in Under 1 Hour

The Incident

On August 4th, a critical zero-day vulnerability affecting SonicWall TZ and NSA appliances running firmware 7.2.0 and below was reported and later published by SonicWall. The flaw impacted the SSL VPN service, allowing attackers to gain full network and domain access, even enabling them to deploy ransomware across endpoints.

‍

The stakes were high.

• Downtime: Every second without access meant lost revenue.
• Recovery complexity: Even with backups, restoring systems safely could take hours—or days—without reinfection.
• Ransom risk: Paying attackers is costly and increases the chance of being targeted again.

SonicWall’s immediate mitigation advice was to disable SSL VPN. If that wasn’t possible, they recommended enabling multi-factor authentication (MFA) and disabling unnecessary accounts. Effective, but not ideal for businesses needing continuous secure remote access.

Our Response at Moddtech

Thanks to our partnership with Kaseya, we received the alert immediately and sprang into action.

‍

Step 1 – Rapid Assessment
We quickly scanned our client base to identify appliances within the affected firmware range.

• Result: One SonicWall TZ 570 running firmware 7.2.0, with 27 SSL VPN accounts and ~20 active remote users.
• All other client appliances were already updated to 7.3.0.

Step 2 – Immediate Risk Mitigation
We communicated planned downtime via Slack to the affected users and disabled the SSL VPN service on the vulnerable appliance.

Step 3 – Secure Access Restoration
This client had recently renewed their firewall and held 16 Cloud

‍

Secure Edge – Secure Private Access (CSE SPA) licenses.

• We created accounts, sent invites, and provided connection instructions.
• For users needing extra guidance, we offered remote assistance via our RMM tool.

Step 4 – Bridging the Gap
With only 16 licenses available, 4 users were left without CSE SPA access. For them, we deployed a Twingate connector, ensuring they could securely access the private resources they needed.

The Outcome

From the moment we received the vulnerability alert to having 100% of affected users securely connected and working, the entire process took less than one hour.

This swift, coordinated response:

• Prevented potential ransomware deployment
• Maintained operational continuity
• Reinforced our client’s trust in Moddtech as a proactive cybersecurity partner

Key Takeaways

• Zero-day vulnerabilities require immediate action to protect business operations.
• Layered security and having multiple secure remote access options in place are essential.
• Strong incident response procedures can mean the difference between a small disruption and a costly disaster.