SonicWall Warns of Access Control Vulnerability Exploited in the Wild


SonicWall has issued an urgent security advisory regarding a critical vulnerability (CVE-2024-40766) affecting its firewall products. The company warns that this improper access control flaw is potentially being exploited in the wild, prompting immediate action from users.

The vulnerability, with a CVSS score of 9.3, impacts SonicWall Firewall Gen 5 and Gen 6 devices, as well as Gen 7 devices running SonicOS versions 7.0.1-5035 and older.


If successfully exploited, the flaw could give an attacker unauthorized access to resources and, under specific conditions, cause the firewall to crash.

SonicWall has released patches to address the issue:

Impacted Platforms: SOHO (Gen 5)
Impacted Versions: 5.9.2.14-12o and older versions
Fixed Versions: 5.9.2.14-13o

Impacted Platforms: Gen6 Firewalls (SOHOW, TZ 300, TZ 300W, TZ 400, TZ 400W, TZ 500, TZ 500W, TZ 600, NSA 2650, NSA 3600, NSA 3650, NSA 4600, NSA 4650, NSA 5600, NSA 5650, NSA 6600, NSA 6650, SM 9200, SM 9250, SM 9400, SM 9450, SM 9600, SM 9650, TZ 300P, TZ 600P, SOHO 250, SOHO 250W, TZ 350, TZ 350W)
Impacted Versions: 6.5.4.14-109n and older versions
Fixed Versions: 6.5.2.8-2n (for SM9800, NSsp 12400, NSsp 12800); 6.5.4.15.116n (for other Gen6 Firewall appliances)

Impacted Platforms: Gen7 Firewalls (TZ270, TZ270W, TZ370, TZ370W, TZ470, TZ470W, TZ570, TZ570W, TZ570P, TZ670, NSa 2700, NSa 3700, NSa 4700, NSa 5700, NSa 6700, NSsp 10700, NSsp 11700, NSsp 13700)
Impacted Versions: SonicOS build version 7.0.1-5035 and older versions
Fixed Versions: Any version higher than 7.0.1-5035*
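The version thresholds in the table are awkward to apply by hand across a fleet because the build strings mix formats (a hyphen or a dot before the build number, an optional trailing letter) and because the Gen6 fix lands on two different branches depending on model. The script below is an added example, not SonicWall's code or tooling: it parses SonicOS version strings, looks each device up against the thresholds copied from the table above, and flags the ones still on an affected build. The function names, the inventory sample and the rule that the trailing branch letter (o/n) is ignored for ordering are assumptions made for this example.

```python
"""Check an inventory of SonicWall firewalls against the CVE-2024-40766 table.

Thresholds and the Gen6 special-case model list are taken from the advisory
table; everything else (function names, sample inventory) is constructed here.
"""
import re

# Version shapes seen in the table: "5.9.2.14-12o", "6.5.4.14-109n",
# "6.5.4.15.116n" (dot before the build number), "7.0.1-5035" (no letter).
_VERSION_RE = re.compile(r"^(\d+(?:\.\d+)*)[-.](\d+)([a-z]?)$")

# Per generation: highest impacted build and the fixed build.
# fixed=None means "any build higher than impacted_max" (the Gen7 row).
ADVISORY = {
    5: {"impacted_max": "5.9.2.14-12o", "fixed": "5.9.2.14-13o"},
    6: {"impacted_max": "6.5.4.14-109n", "fixed": "6.5.4.15.116n"},
    7: {"impacted_max": "7.0.1-5035", "fixed": None},
}
# Gen6 models whose fix ships on the 6.5.2.8 branch instead.
GEN6_SPECIAL_MODELS = {"SM9800", "NSSP12400", "NSSP12800"}
GEN6_SPECIAL_FIXED = "6.5.2.8-2n"


def parse_version(text):
    """Return ((release parts...), build) so versions compare correctly.

    Release parts and build are compared as integers; the trailing branch
    letter is dropped (assumption: one generation shares a single letter).
    """
    m = _VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised SonicOS version: {text!r}")
    release, build, _letter = m.groups()
    return tuple(int(p) for p in release.split(".")), int(build)


def _normalise_model(model):
    return model.replace(" ", "").upper()


def assess(model, version):
    """Classify one device as 'affected', 'fixed' or 'unknown-generation'."""
    v = parse_version(version)
    gen = v[0][0]  # first release component is the firewall generation
    row = ADVISORY.get(gen)
    if row is None:
        return {"model": model, "version": version,
                "status": "unknown-generation", "fixed": None}

    fixed = row["fixed"]
    if gen == 6 and _normalise_model(model) in GEN6_SPECIAL_MODELS:
        fixed = GEN6_SPECIAL_FIXED

    affected = v <= parse_version(row["impacted_max"])
    # A device already on the fixed build of the 6.5.2.8 branch is numerically
    # "older" than 6.5.4.14-109n, so check the fixed build explicitly.
    if affected and fixed is not None and v >= parse_version(fixed):
        affected = False

    return {"model": model, "version": version,
            "status": "affected" if affected else "fixed",
            "fixed": fixed or f"any build higher than {row['impacted_max']}"}


def scan(inventory):
    """Return the subset of (model, version) pairs that are still affected."""
    return [r for r in (assess(m, ver) for m, ver in inventory)
            if r["status"] == "affected"]


if __name__ == "__main__":
    # Constructed sample inventory; not real device data.
    sample = [
        ("SOHO", "5.9.2.14-12o"),
        ("TZ 400", "6.5.4.14-109n"),
        ("TZ 400", "6.5.4.15.116n"),
        ("SM9800", "6.5.2.8-1n"),
        ("SM9800", "6.5.2.8-2n"),
        ("TZ 370", "7.0.1-5035"),
        ("TZ 370", "7.1.1-7040"),
    ]
    for r in scan(sample):
        print(f"{r['model']:8} {r['version']:14} AFFECTED  -> update to {r['fixed']}")
```

Run against an export of your device inventory (model and running SonicOS build per firewall); each line of output names a unit that still needs the patch from mysonicwall.com, with the fixed build that applies to that model's branch.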

The company strongly urges all customers to apply these patches immediately, as the vulnerability is believed to be under active exploitation. Users can download the latest patch builds from mysonicwall.com.

For customers unable to patch immediately, SonicWall recommends workarounds to minimize the potential impact: restrict firewall management to trusted sources and disable firewall WAN management from the Internet. The same precautions should be applied to SSLVPN access.

Additionally, SonicWall advises customers using Gen5 and Gen6 firewalls with SSLVPN users who have locally managed accounts to update their passwords immediately. Administrators should enable the “User must change password” option for each local account to enforce this critical security measure.

The company also recommends enabling Multi-Factor Authentication (MFA) for all SSLVPN users, using either TOTP or Email-based OTP methods.

Given the critical nature of this vulnerability and its potential exploitation, organizations using affected SonicWall products should treat this as a high-priority security issue. Prompt action in applying patches or implementing recommended workarounds is crucial to mitigate the risk of unauthorized access or system crashes.

SonicWall’s swift response in releasing patches and providing detailed mitigation strategies underscores the severity of this security threat. Users are encouraged to stay vigilant and monitor their networks for any signs of suspicious activity.



