SonicWall has discovered that a recently patched critical security flaw affecting SonicOS could be actively exploited, so users should apply the patches as soon as possible.
The vulnerability, tracked as CVE-2024-40766, has a CVSS score of 9.3 out of a maximum of 10.
“Improper access control vulnerability has been identified in SonicWall SonicOS and SSLVPN management access, which could potentially lead to unauthorized access to resources and cause firewall failure under certain conditions,” SonicWall said in the updated guidance.
Through recent developments, the company revealed that CVE-2024-40766 also affects the SSLVPN feature of the firewall. The issue has been addressed in the following versions –
- SOHO (5th Generation Firewalls) – 5.9.2.14-13o
- 6th gen firewalls – 6.5.2.8-2n (for SM9800, NSsp 12400 and NSsp 12800) and 6.5.4.15.116n (for other 6th gen firewalls)
The network security vendor has since updated the bulletin to reflect the possibility that it may have been actively used.
“This vulnerability is potentially being exploited in the wild,” the report said added. “Please apply the patch as soon as possible to the affected products.”
As a temporary mitigation, it is recommended that you restrict firewall management to trusted sources or disable WAN firewall management from Internet access. For SSLVPN, it is recommended to restrict access to trusted sources or disable Internet access altogether.
Additional mitigation measures include enabling multi-factor authentication (MFA) for all SSLVPN users using one-time passwords (OTPs) and recommending that customers using GEN5 and GEN6 firewalls with SSLVPN users who have locally managed accounts update their passwords immediately to prevent unauthorized access.
There are currently no details on how the flaw could have been weaponized in the wild, but Chinese threat actors have not patched SonicWall Secure Mobile Access (SMA) 100 devices in the past to ensure long-term security.
