The Australian Cyber Security Centre (ACSC) has issued an urgent warning about a critical vulnerability in SonicWall firewall devices that is being actively exploited by threat actors.
The flaw, tracked as CVE-2024-40766, affects SonicOS management access and SSLVPN functionality across multiple generations of SonicWall devices.
Critical Vulnerability Details
The improper access control vulnerability carries a CVSS v3.0 score of 9.3, indicating critical severity.
The vulnerability allows unauthorized access to system resources and, under specific conditions, can cause affected firewalls to crash completely.
SonicWall classified this as an improper access control issue (CWE-284) that requires no user interaction and can be exploited remotely over the network.
The CVSS vector CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:L demonstrates that attackers can exploit this vulnerability without authentication, with low attack complexity, and achieve high impact on confidentiality while causing limited availability impact.
The scope is changed, meaning the vulnerability affects resources beyond the vulnerable component itself.
Affected Systems and Versions
The vulnerability impacts a wide range of SonicWall devices across three generations. Gen 5 SOHO devices running SonicOS version 5.9.2.14-12o and older are affected.
Gen 6 firewalls, including popular models like TZ 300, TZ 400, TZ 500, TZ 600 series, NSA 2650-6650 series, and SM 9200-9650 series running firmware 6.5.4.14-109n and older versions, are also vulnerable.
Gen 7 devices face significant risk, including TZ270-670 models and NSa 2700-6700 series running SonicOS build version 7.0.1-5035 and older.
The extensive range of affected devices highlights the widespread nature of this security issue across SonicWall’s product portfolio.
SonicWall’s security advisory explicitly states that this vulnerability is “potentially being exploited in the wild,” prompting immediate patching recommendations.
The combination of critical severity, remote exploitation capability, and active threat activity makes this vulnerability particularly dangerous for organizations relying on affected SonicWall devices for network security.
The improper access control flaw could allow attackers to bypass authentication mechanisms and gain unauthorized access to sensitive network resources.
In enterprise environments, this could lead to data breaches, lateral movement within networks, and potential system compromises.
Organizations using affected SonicWall devices must prioritize immediate patching. Updated firmware versions are available through mysonicwall.com, and SonicWall strongly recommends installing patches as soon as possible.
Given the active exploitation and critical nature of this vulnerability, delaying patches could expose organizations to significant cybersecurity risks.
Network administrators should also review firewall logs for suspicious activity and implement additional monitoring while patches are being deployed across their infrastructure.
Find this Story Interesting! Follow us on LinkedIn and X to Get More Instant Updates.
Source link
