Threat update

A critical vulnerability has been identified in the SonicWall SonicOS management access. 

Technical Detail and Additional Info

What is the threat?

CVE-2024-40766, a critical vulnerability in the management interface of SonicOS, stems from improper access validation, allowing threat actors to execute code on the target system to gain control and possibly exploit the vulnerability. Attackers send specially crafted requests to the device to exploit this vulnerability. If these requests are successful, the attacker could execute arbitrary code on the firewall, leading to full compromise of the device. 

Why is it noteworthy?

This type of remote code execution (RCE) vulnerability can pose a critical security risk to the network. With the successful implementation of the codes, the attacker will have the ability to bypass security controls, monitor or alter network traffic, and move laterally throughout the environment. If exploited, attackers could disable security features and open backdoors, potentially leading to data breaches, system downtime, and other security incidents. 

What is the exposure or risk?

Organizations using the following affected SonicWall firewall devices are at high risk:

• 5.9.2.14-12o
• 6.5.4.14-109n
• 7.0.1-5035 and older

What are the recommendations?

 LBT Technology Group recommends the following actions to keep your environment secure:

• Ensure the latest version of SonicOS is used.
• Restrict firewall management to authenticated sources only.
• Disable firewall WAN management for any Internet sources.

References

 For more in-depth information about the recommendations, please visit the following links:

• https://nvd.nist.gov/vuln/detail/CVE-2024-40766

If you have any questions, please contact LBT's Sales Engineer.