By Bill Toulas on Friday, 06 September 2024
Category: Security

SonicWall SSLVPN access control flaw is now exploited in attacks

SonicWall is warning that a recently fixed access control flaw tracked as CVE-2024-40766 in SonicOS is now "potentially" exploited in attacks, urging admins to apply patches as soon as possible.

"This vulnerability is potentially being exploited in the wild. Please apply the patch as soon as possible for affected products. The latest patch builds are available for download on mysonicwall.com," warns the updated SonicWall advisory.

CVE-2024-40766 is a critical (CVSS v3 score: 9.3) access control flaw impacting SonicWall Firewall Gen 5 and Gen 6 devices, as well as Gen 7 devices. 

The software vendor did not disclose much information about the flaw other than its potential for unauthorized resource access and ability to crash the firewall, thus eliminating network protections.

When SonicWall first disclosed the flaw on August 22, 2024, the flaw was only believed to be in the SonicWall SonicOS management access. With today's update, the company is warning that CVE-2024-40766 also impacts the firewall's SSLVPN feature.

Apply patches as soon as possible

The list of impacted products and versions, as well as the releases that address CVE-2024-40766, are summarized as follows:

The latest mitigation recommendations by SonicWall include:

  1. Limit firewall management to trusted sources and disable internet access to the WAN management portal if possible.
  2. Restrict SSLVPN access to trusted sources only and disable it entirely if not needed.
  3. For Gen 5 and Gen 6 devices, SSLVPN users with local accounts should update their passwords immediately and administrators should enable the "User must change password" option for local users.
  4. Enable multi-factor authentication (MFA) for all SSLVPN users using TOTP or email-based one-time passwords (OTPs). More information on how to configure this measure is available here.

While SonicWall has not shared how the flaw is being actively exploited, similar flaws have been used in the past to gain initial access to corporate networks.

Threat actors commonly target SonicWall as they are exposed to the internet to provide remote VPN access.

In March 2023, suspected Chinese hackers (UNC4540) targeted unpatched SonicWall Secure Mobile Access (SMA) devices to install custom malware that persisted through firmware upgrades.

Related Posts

Leave Comments