Close Menu
Indo Guard OnlineIndo Guard Online
  • Home
  • Cyber Security
  • Risk Management
  • Travel
  • Security News
  • Tech
  • More
    • Data Privacy
    • Data Protection
    • Global Security
What's Hot

Critical vulnerability in Anthropic MCP exposes machines for remote feats

July 1, 2025

Ta829 and Unk_greensec share tactics and infrastructure in current malware

July 1, 2025

A new drawback in the IDES as a Visual Studio code allows for malicious bypassing bypassing the verified status

July 1, 2025
Facebook X (Twitter) Instagram
Facebook X (Twitter) Instagram YouTube
Indo Guard OnlineIndo Guard Online
Subscribe
  • Home
  • Cyber Security
  • Risk Management
  • Travel
  • Security News
  • Tech
  • More
    • Data Privacy
    • Data Protection
    • Global Security
Indo Guard OnlineIndo Guard Online
Home » SonicWall urges users to fix critical firewall flaw amid possible exploit
Global Security

SonicWall urges users to fix critical firewall flaw amid possible exploit

AdminBy AdminSeptember 6, 2024No Comments2 Mins Read
SonicWall
Share
Facebook Twitter LinkedIn Pinterest Email Copy Link


September 6, 2024Ravi LakshmananNetwork security / threat detection

SonicWall

SonicWall has discovered that a recently patched critical security flaw affecting SonicOS could be actively exploited, so users should apply the patches as soon as possible.

The vulnerability, tracked as CVE-2024-40766, has a CVSS score of 9.3 out of a maximum of 10.

“Improper access control vulnerability has been identified in SonicWall SonicOS and SSLVPN management access, which could potentially lead to unauthorized access to resources and cause firewall failure under certain conditions,” SonicWall said in the updated guidance.

Cyber ​​security

Through recent developments, the company revealed that CVE-2024-40766 also affects the SSLVPN feature of the firewall. The issue has been addressed in the following versions –

  • SOHO (5th Generation Firewalls) – 5.9.2.14-13o
  • 6th gen firewalls – 6.5.2.8-2n (for SM9800, NSsp 12400 and NSsp 12800) and 6.5.4.15.116n (for other 6th gen firewalls)

The network security vendor has since updated the bulletin to reflect the possibility that it may have been actively used.

“This vulnerability is potentially being exploited in the wild,” the report said added. “Please apply the patch as soon as possible to the affected products.”

As a temporary mitigation, it is recommended that you restrict firewall management to trusted sources or disable WAN firewall management from Internet access. For SSLVPN, it is recommended to restrict access to trusted sources or disable Internet access altogether.

Cyber ​​security

Additional mitigation measures include enabling multi-factor authentication (MFA) for all SSLVPN users using one-time passwords (OTPs) and recommending that customers using GEN5 and GEN6 firewalls with SSLVPN users who have locally managed accounts update their passwords immediately to prevent unauthorized access.

There are currently no details on how the flaw could have been weaponized in the wild, but Chinese threat actors have not patched SonicWall Secure Mobile Access (SMA) 100 devices in the past to ensure long-term security.

Did you find this article interesting? Follow us Twitter  and LinkedIn to read more exclusive content we publish.





Source link

Share. Facebook Twitter Pinterest LinkedIn Tumblr Email Copy Link
Admin
  • Website

Related Posts

Critical vulnerability in Anthropic MCP exposes machines for remote feats

July 1, 2025

Ta829 and Unk_greensec share tactics and infrastructure in current malware

July 1, 2025

A new drawback in the IDES as a Visual Studio code allows for malicious bypassing bypassing the verified status

July 1, 2025

New Mattery Model for Browser Safety: Closing Risk in Last Mile

July 1, 2025

Google Patches Critical Lack of Zero Day in the V8 Chrome engine after active operation

July 1, 2025

US arrests in North Korean IT -Work scheme; Captures 29 domains and raids 21 laptops

July 1, 2025
Add A Comment
Leave A Reply Cancel Reply

Loading poll ...
Coming Soon
Do You Like Our Website
: {{ tsp_total }}

Subscribe to Updates

Get the latest security news from Indoguardonline.com

Latest Posts

Critical vulnerability in Anthropic MCP exposes machines for remote feats

July 1, 2025

Ta829 and Unk_greensec share tactics and infrastructure in current malware

July 1, 2025

A new drawback in the IDES as a Visual Studio code allows for malicious bypassing bypassing the verified status

July 1, 2025

New Mattery Model for Browser Safety: Closing Risk in Last Mile

July 1, 2025

Google Patches Critical Lack of Zero Day in the V8 Chrome engine after active operation

July 1, 2025

US arrests in North Korean IT -Work scheme; Captures 29 domains and raids 21 laptops

July 1, 2025

Microsoft Removes Password Management from Authenticator app since August 2025

July 1, 2025

American agencies warn of Iranian protection cyber growth, OT networks and critical infrastructure

June 30, 2025
About Us
About Us

Provide a constantly updating feed of the latest security news and developments specific to Indonesia.

Facebook X (Twitter) Pinterest YouTube WhatsApp
Our Picks

Critical vulnerability in Anthropic MCP exposes machines for remote feats

July 1, 2025

Ta829 and Unk_greensec share tactics and infrastructure in current malware

July 1, 2025

A new drawback in the IDES as a Visual Studio code allows for malicious bypassing bypassing the verified status

July 1, 2025
Most Popular

In Indonesia, crippling immigration ransomware breach sparks privacy crisis

July 6, 2024

Why Indonesia’s Data Breach Crisis Calls for Better Security

July 6, 2024

Indonesia’s plan to integrate 27,000 govt apps in one platform welcomed but data security concerns linger

July 6, 2024
© 2025 indoguardonline.com
  • Home
  • About us
  • Contact us
  • Privacy Policy

Type above and press Enter to search. Press Esc to cancel.