SonicWall patches critical flaw affecting its firewalls (CVE-2024-40766)
SonicWall has patched a critical vulnerability (CVE-2024-40766) in its next-gen firewalls that could allow remote attackers unauthorized access to resources and, in specific conditions, to crash the appliances.
About CVE-2024-40766
CVE-2024-40766 is an improper access control vulnerability in the “SonicWall SonicOS management access”, the company says.
“This issue affects SonicWall Firewall Gen 5 and Gen 6 devices, as well as Gen 7 devices running SonicOS 7.0.1-5035 and older versions.”
Security updates fixing the vulnerability are available for all currently supported next-gen firewall models.
“This vulnerability is not reproducible in SonicOS firmware version higher than 7.0.1-5035,” the company noted, but nevertheless advised users to install the latest firmware.
Though upgrading to a fixed version is preferred, there is an alternative, i.e., a workaround to minimize the potential of exploitation: users can restrict firewall management access to trusted sources (e.g., whitelist specific IP addresses) or disable firewall WAN management access from internet sources.
No exploitation detected
SonicWall’s security solutions are widely used and occasionally targeted by attackers seeking a way into corporate networks.
In 2021, researchers discovered that attackers have leveraged zero-day flaws in SonicWall Email Security appliances, as well as a zero-day in the company’s Secure Mobile Access (SMA) 100 series appliances.
There is currently no mention of CVE-2024-40766 being exploited in the wild.
The vulnerability has a 9.3 CVSS v3 base score, and the associated vector string says it’s remotely exploitable with no privileges or user interaction required. Also, the complexity of the attack that would trigger the flaw is considered to be “low”.
SonicWall’s description of this exploitable weakness is, understandably, very superficial, but threat actors might do some patch diffing (to identify the changes to binaries made by SonicWall’s security updates) and thus infer the flaw’s trigger and find a way to create a working exploit.
Admins are advised to implement the security updates as soon as possible.