As a cybersecurity expert, I’m here to alert you to a critical vulnerability (CVE-2024-40766) affecting SonicWall Firewall products. This improper access control flaw is actively being exploited in the wild, making it imperative to take immediate action.
Affected Devices and Impact
The vulnerability impacts the following SonicWall Firewall devices:
- Gen 5 and Gen 6 devices
- Gen 7 devices running SonicOS versions 7.0.1-5035 and older If exploited, this flaw could lead to:
- Unauthorized resource access
- Firewall crashes
Patches and Mitigation
SonicWall has released patches to address the issue. Users are strongly urged to apply these patches immediately:
| Impacted Platforms | Impacted Versions | Fixed Versions |
|---|---|---|
| SOHO (Gen 5) | 5.9.2.14-12o and older | 5.9.2.14-13o |
| Gen6 Firewalls | 6.5.4.14-109n and older | 6.5.2.8-2n (for SM9800, NSsp 12400, NSsp 12800) 6.5.4.15.116n (for other Gen6 Firewall appliances) |
| Gen7 Firewalls | SonicOS build version 7.0.1-5035 and older | Any version higher than 7.0.1-5035* |
*Note: Refer to the SonicWall advisory for more details on patch versions.
For those who cannot apply patches immediately, SonicWall recommends implementing the following workarounds:
- Restrict firewall management to trusted sources
- Disable firewall WAN management from Internet access
- Restrict SSLVPN access
- Reset passwords for locally managed accounts
- Enable Multi-Factor Authentication (MFA) for SSLVPN users
Urgency: High
Given the critical nature of this vulnerability and its active exploitation, it is essential to treat this as a high-priority security issue.
Organizations should:
- Patch affected devices promptly
- Implement recommended workarounds
- Monitor networks for suspicious activity
- Reset locally managed account passwords
- Enable MFA for SSLVPN users
SonicWall’s swift response underscores the severity of this threat. Users are advised to remain vigilant and take immediate action to mitigate the risk of unauthorized access or system crashes.
