SonicWall has disclosed that an important security vulnerability in SonicOS, which has been patched recently, may have been actively exploited, underscoring the urgency for users to apply the patches promptly.
The vulnerability, designated as CVE-2024-40766, has a CVSS score of 9.3 out of 10.
“An improper access control vulnerability has been uncovered in the SonicWall SonicOS management access and SSLVPN, potentially resulting in unauthorized resource access and in specific scenarios, causing the firewall to crash,” SonicWall stated in an updated advisory.
With this latest development, it has been revealed that CVE-2024-40766 also affects the firewall’s SSLVPN functionality. The problem has been fixed in the following versions –
- SOHO (Gen 5 Firewalls) – 5.9.2.14-13o
- Gen 6 Firewalls – 6.5.2.8-2n (for SM9800, NSsp 12400, and NSsp 12800) and 6.5.4.15.116n (for other Gen 6 Firewall appliances)
The network security vendor has updated the bulletin to indicate the possibility of active exploitation.
“This vulnerability is potentially being exploited in the wild,” it added. “Please apply the patch as soon as possible for affected products.”
As temporary solutions, it is advised to restrict firewall management to trusted sources or disable firewall WAN management from Internet access. For SSLVPN, limiting access to trusted sources or disabling internet access entirely is recommended.
Additional measures include enabling multi-factor authentication (MFA) with one-time passwords (OTPs) for all SSLVPN users and suggesting users of GEN5 and GEN6 firewalls with SSLVPN to update their passwords immediately to prevent unauthorized access.
There is currently no information on how the vulnerability may have been exploited, but Chinese threat actors have previously used unpatched SonicWall Secure Mobile Access (SMA) 100 appliances to establish long-term persistence.