Cyber Security News

SonicWall Access Control Vulnerability Exploited in the Wild

SonicWall has issued an urgent advisory regarding a critical vulnerability in its SonicOS management access and SSLVPN.

The flaw, identified as CVE-2024-40766, is actively exploited in the wild. It potentially allows unauthorized access to resources and, under certain conditions, causes firewalls to crash.

The vulnerability affects SonicWall Gen 5 and Gen 6 devices and Gen 7 devices running SonicOS 7.0.1-5035 and older versions. SonicWall has urged users to apply the latest patches immediately to mitigate potential risks.

Details of the Vulnerability

The vulnerability, classified under CWE-284: Improper Access Control, has a CVSS v3 score of 9.3, indicating its critical nature.

The CVSS vector is CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:L, highlighting the ease of exploitation and the potential for severe impact on confidentiality.

Are You From SOC/DFIR Teams? - Try Advanced Malware and Phishing Analysis With ANY.RUN - 14 day free trial

The advisory, first published on August 23, 2024, and last updated on September 6, 2024, emphasizes the urgency of addressing this issue.

SonicWall has provided a workaround for those unable to immediately apply the patch. It recommends restricting firewall management to trusted sources and disabling SSLVPN access from the Internet.

Affected Products and Versions

The following table summarizes the impacted platforms and versions:

Impacted PlatformsImpacted Versions
SOHO (Gen 5)5.9.2.14-12o and older versions
Gen6 Firewalls6.5.4.14-109n and older versions
Gen7 FirewallsSonicOS build version 7.0.1-5035 and older versions

SonicWall has released patches for the affected products, available for download on mysonicwall.com.

Users are strongly encouraged to install the latest firmware to protect their systems from potential exploitation. For those unable to apply the patch immediately, SonicWall recommends the following actions:

  • Restrict firewall management to trusted sources.
  • Disable firewall WAN management from Internet access.
  • Limit SSLVPN access to trusted sources or disable it entirely from the Internet.

For detailed instructions on implementing these workarounds, users can refer to SonicWall’s support articles on restricting SonicOS admin access and setting up SSL VPN.

Fixed Software Versions

The following table provides information on the fixed software versions:

Fixed PlatformsFixed Versions
SOHO (Gen 5)5.9.2.14-13o
Gen6 Firewalls6.5.2.8-2n (for SM9800, NSsp 12400, NSsp 12800)
6.5.4.15.116n (for other Gen6 Firewall appliances)
Gen7 FirewallsFirmware version higher than 7.0.1-5035

The discovery of this vulnerability underscores the importance of maintaining up-to-date security measures in network devices.

Organizations using SonicWall products should act swiftly to apply the necessary patches and implement recommended workarounds to safeguard their networks.

SonicWall Technical Support can assist users with any questions or additional information required to address this critical vulnerability. As cyber threats evolve, staying informed and proactive is essential in protecting digital assets.

What Does MITRE ATT&CK Expose About Your Enterprise Security? - Watch Free Webinar!

Divya

Divya is a Senior Journalist at GBhackers covering Cyber Attacks, Threats, Breaches, Vulnerabilities and other happenings in the cyber world.

Recent Posts

Attackers Exploit Microsoft Entra Billing Roles to Escalate Privileges in Organizational Environments

A startling discovery by BeyondTrust researchers has unveiled a critical vulnerability in Microsoft Entra ID…

19 hours ago

Threat Actors Exploit Google Apps Script to Host Phishing Sites

The Cofense Phishing Defense Center has uncovered a highly strategic phishing campaign that leverages Google…

20 hours ago

Dadsec Hacker Group Uses Tycoon2FA Infrastructure to Steal Office365 Credentials

Cybersecurity researchers from Trustwave’s Threat Intelligence Team have uncovered a large-scale phishing campaign orchestrated by…

21 hours ago

Beware: Weaponized AI Tool Installers Infect Devices with Ransomware

Cisco Talos has uncovered a series of malicious threats masquerading as legitimate AI tool installers,…

21 hours ago

Pure Crypter Uses Multiple Evasion Methods to Bypass Windows 11 24H2 Security Features

Pure Crypter, a well-known malware-as-a-service (MaaS) loader, has been recognized as a crucial tool for…

22 hours ago

Attackers Exploit Microsoft Entra Billing Roles to Escalate Privileges

A recent discovery by security researchers at BeyondTrust has revealed a critical, yet by-design, security…

22 hours ago