The Information Highway

Critical SonicOS Vulnerability

Threat update

A critical vulnerability has been identified in the SonicWall SonicOS management access. 

Technical Detail and Additional Info

What is the threat?

CVE-2024-40766, a critical vulnerability in the management interface of SonicOS, stems from improper access validation and allows threat actors to execute code on the target system and gain control of it. Attackers exploit it by sending specially crafted requests to the device. If these requests succeed, the attacker could execute arbitrary code on the firewall, leading to full compromise of the device.

Why is it noteworthy?

This type of remote code execution (RCE) vulnerability can pose a critical security risk to the network. Once the code executes successfully, the attacker can bypass security controls, monitor or alter network traffic, and move laterally throughout the environment. If exploited, attackers could disable security features and open backdoors, potentially leading to data breaches, system downtime, and other security incidents.

What is the exposure or risk?

Organizations running SonicWall firewalls on the following affected SonicOS versions are at high risk:

  • 5.9.2.14-12o
  • 6.5.4.14-109n
  • 7.0.1-5035 and older
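
The version list above can be checked against a firmware inventory. The following is an added example, not code from this advisory or from SonicWall: the hostnames and the non-listed versions in the sample inventory are constructed, and limiting the "and older" comparison to the same major version is an assumption of the example.

```python
import re

# Versions copied from the advisory's list. True marks the one entry the
# page qualifies with "and older".
LISTED = {"5.9.2.14-12o": False, "6.5.4.14-109n": False, "7.0.1-5035": True}
_VERSION = re.compile(r"^(\d+(?:\.\d+)*)-(\d+)([a-z]?)$")

# Constructed sample inventory: hostnames and the non-listed versions are made up.
INVENTORY = {
    "fw-branch-01": "7.0.1-5035",
    "fw-branch-02": "7.0.0-1000",
    "fw-hq-01": "7.0.1-9999",
    "fw-legacy-01": "6.5.4.14-100n",
    "fw-lab-01": "SonicOS Enhanced",
}


def parse(version):
    """'6.5.4.14-109n' -> ((6, 5, 4, 14), 109, 'n'); None if malformed."""
    m = _VERSION.match(version.strip().lower())
    if not m:
        return None
    release = tuple(int(p) for p in m.group(1).split("."))
    return release, int(m.group(2)), m.group(3)


def classify(version):
    """Return 'listed', 'review', 'not-listed' or 'unparsed'."""
    got = parse(version)
    if got is None:
        return "unparsed"
    for listed, and_older in LISTED.items():
        ref = parse(listed)
        if got[0][0] != ref[0][0]:  # assumption: compare within one major version
            continue
        if got == ref:
            return "listed"
        if got[:2] < ref[:2]:  # older release or build in the same branch
            # The page is silent on older 5.x/6.x builds: flag for manual review.
            return "listed" if and_older else "review"
    return "not-listed"


def audit(inventory):
    """Map each hostname to the classification of its firmware string."""
    return {host: classify(ver) for host, ver in inventory.items()}


if __name__ == "__main__":
    for host, state in audit(INVENTORY).items():
        print(f"{host:14} {INVENTORY[host]:18} {state}")
```

Devices reported as `review` or `unparsed` need a manual check against the vendor advisory, since the list above does not cover them.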

What are the recommendations?

LBT Technology Group recommends the following actions to keep your environment secure:

  • Ensure the latest version of SonicOS is used.
  • Restrict firewall management to authenticated sources only.
  • Disable firewall WAN management for any Internet sources.

References

For more in-depth information about the recommendations, please visit the following links:

  • https://nvd.nist.gov/vuln/detail/CVE-2024-40766

If you have any questions, please contact LBT's Sales Engineer.

Monday, 23 December 2024