SonicWall has disclosed that a critical security vulnerability in SonicOS, which was recently patched, may have been actively exploited, underscoring the urgency for users to apply the necessary patches promptly.
The vulnerability identified as CVE-2024-40766 has been assigned a CVSS score of 9.3 out of 10.
“An improper access control flaw has been detected in the SonicWall SonicOS management access and SSLVPN, potentially resulting in unauthorized access to resources and under specific circumstances, causing the firewall to crash,” SonicWall noted in an updated advisory.
In the latest development, SonicWall has confirmed that CVE-2024-40766 also affects the firewall’s SSLVPN feature. The issue has been resolved in the following versions –
- SOHO (Gen 5 Firewalls) – 5.9.2.14-13o
- Gen 6 Firewalls – 6.5.2.8-2n (for SM9800, NSsp 12400, and NSsp 12800) and 6.5.4.15.116n (for other Gen 6 Firewall appliances)
The network security provider has updated the bulletin to indicate the potential active exploitation of the vulnerability.
“This vulnerability is potentially being exploited in the wild,” they added. “Please apply the patch as soon as possible for affected products.”
As interim measures, it is recommended to limit firewall management to trusted sources or disable firewall WAN management from Internet access. For SSLVPN, restricting access to trusted sources or completely disabling internet access is advised.
Additional precautions include implementing multi-factor authentication (MFA) for all SSLVPN users using one-time passwords (OTPs) and advising customers using GEN5 and GEN6 firewalls with SSLVPN users who have locally managed accounts to update their passwords immediately to prevent unauthorized access.
There is currently no information on how threat actors could have exploited the vulnerability in the wild. However, Chinese threat actors have previously leveraged unpatched SonicWall Secure Mobile Access (SMA) 100 appliances to establish persistent access.
