Alert Users! Patch a Critical Firewall Vulnerability to Avoid Potential Attacks
SonicWall disclosed that a critical, now-fixed security flaw in SonicOS may be under active exploitation, emphasizing the urgency of promptly applying the updates.
The vulnerability, tracked as CVE-2024-40766, has been assigned a CVSS score of 9.3 out of 10.
“A flaw in access control has been detected in the SonicWall SonicOS management access and SSLVPN, potentially leading to unauthorized access and, under specific circumstances, causing the firewall to crash,” SonicWall stated in a revised advisory, as reported in the news.
The company has now revealed that the firewall's SSLVPN functionality is also affected by CVE-2024-40766. Fixed builds have been released for the following platforms:
- SOHO (Gen 5 Firewalls) – 5.9.2.14-13o
- Gen 6 Firewalls – 6.5.2.8-2n (for SM9800, NSsp 12400, and NSsp 12800) and 6.5.4.15.116n (for other Gen 6 Firewall appliances)
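A small inventory triage script, added here as an example and not SonicWall's own tooling, that maps each appliance to the fixed build listed above and flags any running an older build. It assumes that SonicOS version strings order by their numeric fields (the trailing letter is ignored) and that the model names and hostnames in the sample inventory are constructed.

```python
import re

# Fixed SonicOS builds from the advisory, keyed by appliance family.
FIXED_BUILDS = {
    "gen5_soho": "5.9.2.14-13o",
    "gen6_high_end": "6.5.2.8-2n",   # SM9800, NSsp 12400, NSsp 12800
    "gen6_other": "6.5.4.15.116n",   # all other Gen 6 appliances
}
HIGH_END_GEN6 = {"SM9800", "NSsp 12400", "NSsp 12800"}


def family_for(model, generation):
    """Pick the advisory row that applies to an appliance (mapping is this example's assumption)."""
    if generation == 5:
        return "gen5_soho"
    if generation == 6:
        return "gen6_high_end" if model in HIGH_END_GEN6 else "gen6_other"
    raise ValueError(f"generation {generation} is not covered by this check")


def version_key(version):
    """Turn '6.5.4.15.116n' into (6, 5, 4, 15, 116); the letter suffix is assumed to carry no ordering."""
    return tuple(int(part) for part in re.findall(r"\d+", version))


def needs_patch(model, generation, running):
    """True when the running build is older than the fixed build for that family."""
    fixed = FIXED_BUILDS[family_for(model, generation)]
    return version_key(running) < version_key(fixed)


# Constructed sample inventory: (hostname, model, generation, running SonicOS build).
INVENTORY = [
    ("fw-branch-01", "TZ 300", 6, "6.5.4.14-109n"),   # older than 6.5.4.15.116n
    ("fw-dc-01", "NSsp 12400", 6, "6.5.2.8-2n"),      # already on the fixed build
    ("fw-shop-02", "SOHO", 5, "5.9.2.14-12o"),        # older than 5.9.2.14-13o
    ("fw-shop-03", "SOHO", 5, "5.9.2.14-13o"),        # already on the fixed build
]


def triage(inventory):
    """Return the hostnames that still need the CVE-2024-40766 fix."""
    return [host for host, model, gen, build in inventory if needs_patch(model, gen, build)]


if __name__ == "__main__":
    for host in triage(INVENTORY):
        print(f"{host}: update required")
```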
The network security provider has updated the bulletin to acknowledge the potential exploitation of CVE-2024-40766.
“There are reports of potential exploitation of this vulnerability,” it noted. “Immediate application of the patch is advised for affected products.”
As a temporary mitigation, limit firewall management to trusted source addresses or disable WAN management entirely so it is not reachable from the internet. For SSLVPN, likewise restrict access to trusted sources or disable internet access to the service altogether.

Additional measures involve enabling multi-factor authentication (MFA) for all SSLVPN users, using one-time passwords (OTPs), and advising customers with locally managed accounts on GEN5 and GEN6 firewalls with SSLVPN to reset those passwords immediately to prevent unauthorized access.
There is no specific information on how the vulnerability may have been exploited in the wild; however, Chinese threat actors have previously exploited unpatched SonicWall Secure Mobile Access (SMA) 100 devices to establish persistent control.