SonicWall has patched a critical vulnerability in its firewall service which could have allowed crooks to access the underlying device.
The company released a patch and a follow-up advisory, in which it explained discovering, and fixing, an improper access control bug. The flaw is tracked as CVE-2024-40766, and carries a severity score of 9.3, which makes it critical.
“An improper access control vulnerability has been identified in the SonicWall SonicOS management access, potentially leading to unauthorized resource access and in specific conditions, causing the firewall to crash,” the advisory reads.
Patches and workarounds
The company further explained that SonicWall Firewall Gen 5 and Gen 6 devices are affected by this bug. Gen 7 devices are also vulnerable, albeit those running SonicOS 7.0.1-5035 and older.
To secure the endpoints from potential break-ins, users should update their firewalls to these versions:
SOHO (Gen 5 Firewalls) – 5.9.2.14-13o
Gen 6 Firewalls – 6.5.2.8-2n (for SM9800, NSsp 12400, and NSsp 12800) and 6.5.4.15.116n (for other Gen 6 Firewall appliances)
The company said that the devices running SonicOS firmware version higher than 7.9.1-5035 should be safe, since the bug cannot be reproduced. However, installing the latest firmware is recommended.
Those who are unable to install the patch should go for the workaround, which includes restricting firewall management access to only the people they trust. Alternatively, they can disable firewall WAN management access from all internet sources, too.
So far, there were no reports of in-the-wild abuse. However, if history is any teacher, now with the patch released and knowledge of the bug available, it’s only a matter of time before crooks start scanning the internet for vulnerable endpoints. Previously, SonicWall’s solutions were targeted by Chinese state-sponsored hackers, who devised a piece of malware that was even capable of surviving firmware updates.
Via The Hacker News
