SonicWall Urges Patching of SSLVPN Flaw Exploited in Attacks

SonicWall has issued an urgent warning to apply patches as soon as possible for a critical access control flaw tracked as CVE-2024-40766 in SonicOS, which is now being exploited in attacks. The vulnerability affects SonicWall Firewall Gen 5 and Gen 6 devices, as well as Gen 7 devices.

The flaw, with a CVSS v3 score of 9.3, allows unauthorized resource access and can crash the firewall, eliminating network protections. It was initially believed to impact only SonicOS management access, but the company has since revealed that CVE-2024-40766 also affects the SSLVPN feature.

Impacted products and versions include:

* SonicWall Gen 5 running SonicOS version 5.9.2.14-12o and older – fixed in SonicOS version 5.9.2.14-13o
* SonicWall Gen 6 running SonicOS version 6.5.4.14-109n and older – fixed in 6.5.2.8-2n (for SM9800, NSsp 12400, NSsp 12800) and version 6.5.4.15-116n (for other Gen 6 Firewalls)
* SonicWall Gen 7 running SonicOS version 7.0.1-5035 and older – not reproducible in 7.0.1-5035 and later
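
A fleet inventory can be triaged against the list above with a small script. This is an added example, not SonicWall tooling; the host names, the model labels `Gen5-box`, `Gen6-other` and `Gen7-box`, and the statuses `affected`/`ok`/`verify` are constructed. It assumes the 6.5.2.8-2n fix counts only on the 6.5.2.x line of the three named models, and it returns `verify` for 7.0.1-5035 because the list names that build on both sides of the boundary.

```python
import re

# Fixed releases exactly as listed on this page.
FIXED_GEN5 = "5.9.2.14-13o"
FIXED_GEN6 = "6.5.4.15-116n"
FIXED_GEN6_2N = "6.5.2.8-2n"  # SM9800, NSsp 12400, NSsp 12800 only
GEN6_2N_MODELS = {"SM9800", "NSsp 12400", "NSsp 12800"}
GEN7_BOUNDARY = "7.0.1-5035"  # listed as both impacted and not reproducible

def parse(version):
    """'6.5.4.14-109n' -> ((6, 5, 4, 14), 109); the trailing letter is ignored."""
    m = re.fullmatch(r"(\d+(?:\.\d+)+)-(\d+)[A-Za-z]?", version.strip())
    if not m:
        raise ValueError(f"unrecognised SonicOS version: {version!r}")
    return tuple(int(p) for p in m.group(1).split(".")), int(m.group(2))

def status(model, version):
    """Return 'affected', 'ok' or 'verify' for one device."""
    v = parse(version)
    gen = v[0][0]
    if gen == 5:
        return "ok" if v >= parse(FIXED_GEN5) else "affected"
    if gen == 6:
        # Assumption: the 2n fix only counts on the 6.5.2.x line of the listed
        # models; every other Gen 6 device is held to the general Gen 6 fix.
        on_2n_line = model in GEN6_2N_MODELS and v[0][:3] == (6, 5, 2)
        fixed = parse(FIXED_GEN6_2N if on_2n_line else FIXED_GEN6)
        return "ok" if v >= fixed else "affected"
    if gen == 7:
        boundary = parse(GEN7_BOUNDARY)
        if v == boundary:
            return "verify"  # ambiguous on the page; confirm with the vendor
        return "ok" if v > boundary else "affected"
    raise ValueError(f"generation {gen} is not covered by the list")

def triage(inventory):
    """Map host -> status for (host, model, version) rows."""
    return {host: status(model, ver) for host, model, ver in inventory}

# Constructed sample inventory (not real devices).
INVENTORY = [
    ("fw-old-01", "Gen5-box", "5.9.2.14-12o"),
    ("fw-core-01", "SM9800", "6.5.2.8-2n"),
    ("fw-lab-01", "Gen6-other", "6.5.2.8-2n"),
    ("fw-branch-01", "Gen6-other", "6.5.4.15-116n"),
    ("fw-edge-01", "Gen7-box", "7.0.1-5035"),
]

if __name__ == "__main__":
    for host, result in triage(INVENTORY).items():
        print(f"{host}: {result}")
```

The Gen 6 rows show why a single numeric comparison is not enough: 6.5.2.8-2n is a fixed release on the three named models but sorts below the general Gen 6 fix on everything else.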

SonicWall recommends the following mitigation measures:

* Limit firewall management to trusted sources and disable internet access to the WAN management portal if possible
* Restrict SSLVPN access to trusted sources only and disable it entirely if not needed
* For Gen 5 and Gen 6 devices, SSLVPN users with local accounts should update their passwords immediately and administrators should enable the “User must change password” option for local users
* Enable multi-factor authentication (MFA) for all SSLVPN users using TOTP or email-based one-time passwords (OTPs)

While details on how the flaw is being actively exploited are scarce, similar vulnerabilities have been used in the past to gain initial access to corporate networks. Threat actors often target SonicWall devices because they are exposed to the internet to provide remote VPN access.

Source: https://www.bleepingcomputer.com/news/security/sonicwall-sslvpn-access-control-flaw-is-now-exploited-in-attacks/