SonicWall has identified a critical vulnerability in its SonicOS platform [6], known as CVE-2024-40766 [1] [3] [4], which poses a significant security risk to firewall devices.

Description

This vulnerability affects Gen 5, Gen 6 [1] [3] [4] [5] [6] [7], and Generation 7 firewall devices running SonicOS version 7.0.1-5035 and earlier [2] [6]. With a CVSS score of 9.3 [6], unauthorized access and firewall crashes are potential consequences. SonicWall has released urgent security updates to address this issue. Security teams are advised to restrict SonicOS access to trusted accounts or disable remote management of firewall devices [6]. Notably, unpatched SonicWall Secure Mobile Access (SMA) 100 appliances were targeted by threat actors last year to establish long-term persistence.

Conclusion

The identified vulnerability in SonicOS requires immediate attention to prevent unauthorized access and firewall crashes. Implementing security updates and restricting access to trusted accounts are crucial steps to mitigate the risk. The incident involving unpatched SMA 100 appliances highlights the importance of timely updates and proactive security measures to safeguard against potential threats.

References

[1] https://www.tenable.com/cve/CVE-2024-40766
[2] https://www.heise.de/en/news/Security-update-Attacks-on-Sonicwall-firewalls-can-trigger-a-crash-9845228.html
[3] https://securityaffairs.com/167595/security/sonicwall-sonicos-cve-2024-40766.html
[4] https://thehackernews.com/2024/08/sonicwall-issues-critical-patch-for.html
[5] https://cvefeed.io/vuln/detail/CVE-2024-40766
[6] https://cyberscoop.com/sonicwall-sonicos-firewall-cve-2024-40766/
[7] https://cyber.vumetric.com/security-news/2024/08/26/sonicwall-patches-critical-flaw-affecting-its-firewalls-cve-2024-40766/