SonicWall Access Control Vulnerability Exploited in the Wild

SonicWall has issued an urgent advisory regarding a critical vulnerability in its SonicOS management access and SSLVPN.

The flaw, identified as CVE-2024-40766, is actively exploited in the wild. It potentially allows unauthorized access to resources and, under certain conditions, causes firewalls to crash.

The vulnerability affects SonicWall Gen 5 and Gen 6 devices and Gen 7 devices running SonicOS 7.0.1-5035 and older versions. SonicWall has urged users to apply the latest patches immediately to mitigate potential risks.

Details of the Vulnerability

The vulnerability, classified under CWE-284: Improper Access Control, has a CVSS v3 score of 9.3, indicating its critical nature.

The CVSS vector is CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:L, highlighting the ease of exploitation and the potential for severe impact on confidentiality.

Are You From SOC/DFIR Teams? - Try Advanced Malware and Phishing Analysis With ANY.RUN - 14 day free trial

The advisory, first published on August 23, 2024, and last updated on September 6, 2024, emphasizes the urgency of addressing this issue.

SonicWall has provided a workaround for those unable to immediately apply the patch. It recommends restricting firewall management to trusted sources and disabling SSLVPN access from the Internet.

Affected Products and Versions

The following table summarizes the impacted platforms and versions:

Impacted Platforms	Impacted Versions
SOHO (Gen 5)	5.9.2.14-12o and older versions
Gen6 Firewalls	6.5.4.14-109n and older versions
Gen7 Firewalls	SonicOS build version 7.0.1-5035 and older versions

SonicWall has released patches for the affected products, available for download on mysonicwall.com.

Users are strongly encouraged to install the latest firmware to protect their systems from potential exploitation. For those unable to apply the patch immediately, SonicWall recommends the following actions:

• Restrict firewall management to trusted sources.
• Disable firewall WAN management from Internet access.
• Limit SSLVPN access to trusted sources or disable it entirely from the Internet.

For detailed instructions on implementing these workarounds, users can refer to SonicWall’s support articles on restricting SonicOS admin access and setting up SSL VPN.

Fixed Software Versions

The following table provides information on the fixed software versions:

Fixed Platforms	Fixed Versions
SOHO (Gen 5)	5.9.2.14-13o
Gen6 Firewalls	6.5.2.8-2n (for SM9800, NSsp 12400, NSsp 12800)
	6.5.4.15.116n (for other Gen6 Firewall appliances)
Gen7 Firewalls	Firmware version higher than 7.0.1-5035

The discovery of this vulnerability underscores the importance of maintaining up-to-date security measures in network devices.

Organizations using SonicWall products should act swiftly to apply the necessary patches and implement recommended workarounds to safeguard their networks.

SonicWall Technical Support can assist users with any questions or additional information required to address this critical vulnerability. As cyber threats evolve, staying informed and proactive is essential in protecting digital assets.

What Does MITRE ATT&CK Expose About Your Enterprise Security? - Watch Free Webinar!