SonicWall has issued an urgent security alert concerning a critical vulnerability (CVE-2024-40766) affecting its firewall products. The company warns that this access control flaw is potentially being exploited in the wild and urges users to act immediately.

The vulnerability, which carries a CVSS score of 9.3, affects SonicWall Firewall Gen 5 and Gen 6 devices, as well as Gen 7 devices running SonicOS versions 7.0.1-5035 and earlier.

If successfully exploited, it may result in unauthorized resource access and, under specific conditions, cause the firewall to crash.

SonicWall has released patches to fix the issue:

| Impacted Platforms | Impacted Versions | Fixed Versions |
| --- | --- | --- |
| SOHO (Gen 5) | 5.9.2.14-12o and prior versions | 5.9.2.14-13o |
| Gen6 Firewalls (SOHOW, TZ 300, TZ 300W, TZ 400, TZ 400W, TZ 500, TZ 500W, TZ 600, NSA 2650, NSA 3600, NSA 3650, NSA 4600, NSA 4650, NSA 5600, NSA 5650, NSA 6600, NSA 6650, SM 9200, SM 9250, SM 9400, SM 9450, SM 9600, SM 9650, TZ 300P, TZ 600P, SOHO 250, SOHO 250W, TZ 350, TZ 350W) | 6.5.4.14-109n and earlier versions | 6.5.2.8-2n (for SM9800, NSsp 12400, NSsp 12800); 6.5.4.15.116n (for other Gen6 Firewall appliances) |
| Gen7 Firewalls (TZ270, TZ270W, TZ370, TZ370W, TZ470, TZ470W, TZ570, TZ570W, TZ570P, TZ670, NSa 2700, NSa 3700, NSa 4700, NSa 5700, NSa 6700, NSsp 10700, NSsp 11700, NSsp 13700) | SonicOS build version 7.0.1-5035 and earlier versions | Any version above 7.0.1-5035* |

The company strongly recommends that all customers apply these patches promptly, as the vulnerability is believed to be actively exploited. Users can download the latest patch versions from mysonicwall.com.
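As an added example (not SonicWall's code and not part of the original article), the Python below checks a device inventory against the impacted ranges in the table above. The function names and the sample inventory are constructed for illustration, and builds below 6.5.2.8-2n on SM9800, NSsp 12400 and NSsp 12800 are assumed to be impacted because the article lists only the fixed build for those models.

```python
import re

# Last impacted build per SonicOS major version, from the table above.
LAST_IMPACTED = {5: "5.9.2.14-12o", 6: "6.5.4.14-109n", 7: "7.0.1-5035"}
# Models the table lists with their own fixed build on the 6.5.2 branch.
BRANCH_FIXED = "6.5.2.8-2n"
BRANCH_MODELS = {"sm9800", "nssp12400", "nssp12800"}
_VERSION = re.compile(r"(\d+(?:\.\d+)+)-(\d+)[a-z]?", re.IGNORECASE)


def parse_build(version):
    """'6.5.4.14-109n' -> (6, 5, 4, 14, 109); the trailing letter is ignored."""
    m = _VERSION.fullmatch(version.strip())
    if m is None:
        raise ValueError(f"unrecognised SonicOS version: {version!r}")
    return tuple(int(p) for p in m.group(1).split(".")) + (int(m.group(2)),)


def is_impacted(model, version):
    """True if this model/firmware pair falls inside an impacted range."""
    build = parse_build(version)
    if model.replace(" ", "").lower() in BRANCH_MODELS:
        # Assumption: only the fixed build is published for these models,
        # so every earlier build is treated as impacted.
        return build < parse_build(BRANCH_FIXED)
    last = LAST_IMPACTED.get(build[0])
    if last is None:
        raise ValueError(f"no table row for SonicOS {build[0]}.x")
    return build <= parse_build(last)


def triage(inventory):
    """Return the (model, version) pairs that still need the patch."""
    return [(m, v) for m, v in inventory if is_impacted(m, v)]


# Constructed sample inventory, not data from the advisory.
SAMPLE_INVENTORY = [
    ("SOHO", "5.9.2.14-12o"),
    ("NSA 2650", "6.5.4.14-110n"),
    ("SM9800", "6.5.2.8-2n"),
    ("NSsp 12400", "6.5.2.8-1n"),
    ("TZ470", "7.0.1-5035"),
    ("NSa 2700", "7.0.1-5036"),
]

if __name__ == "__main__":
    for model, version in triage(SAMPLE_INVENTORY):
        print(f"PATCH NEEDED  {model:12} {version}")
```

Build numbers are compared numerically, component by component, so a build such as 7.0.1-5036 sorts above 7.0.1-5035 regardless of string ordering.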

For those unable to patch immediately, SonicWall suggests applying workarounds to reduce the potential impact. These measures include restricting firewall management to trusted sources and disabling firewall WAN management access from the Internet. The same precautions should be applied to SSLVPN access.

In addition, SonicWall advises that, on Gen5 and Gen6 firewalls, SSLVPN users with locally managed accounts change their passwords promptly. Administrators should enable the “User must change password” setting for each local account to enforce this step.

The company also recommends enabling Multi-Factor Authentication (MFA) for all SSLVPN users, using either TOTP or email-based OTP.

Given the critical nature of this vulnerability and its potential exploitation, organizations using affected SonicWall products should treat this as a high-priority security concern. Applying the patches or the recommended workarounds quickly is essential to mitigate the risk of unauthorized access or system crashes.

SonicWall's rapid response in issuing patches and offering comprehensive mitigation strategies underscores the gravity of this security threat. Users are urged to remain vigilant and monitor their networks for any signs of suspicious activity.

The post SonicWall Warns of Access Control Vulnerability Exploited in the Wild appeared first on Cyber Security News.