SonicWall Urges Users to Patch Critical Firewall Flaw Amid Possible Exploitation

Avatar
SonicWall has revealed that a recently patched critical security flaw impacting SonicOS may have come under active exploitation, making it essential that users apply the patches as soon as possible. The vulnerability, tracked as CVE-2024-40766, carries a CVSS score of 9.3 out of a maximum of 10. “An improper access control vulnerability has been identified in the SonicWall SonicOS management
[[{“value”:”

SonicWall has revealed that a recently patched critical security flaw impacting SonicOS may have come under active exploitation, making it essential that users apply the patches as soon as possible.

The vulnerability, tracked as CVE-2024-40766, carries a CVSS score of 9.3 out of a maximum of 10.

“An improper access control vulnerability has been identified in the SonicWall SonicOS management access and SSLVPN, potentially leading to unauthorized resource access and in specific conditions, causing the firewall to crash,” SonicWall said in an updated advisory.

With the latest development, the company has revealed that CVE-2024-40766 also impacts the firewall’s SSLVPN feature. The issue has been addressed in the below versions –

SOHO (Gen 5 Firewalls) – 5.9.2.14-13o
Gen 6 Firewalls – 6.5.2.8-2n (for SM9800, NSsp 12400, and NSsp 12800) and 6.5.4.15.116n (for other Gen 6 Firewall appliances)

The network security vendor has since updated the bulletin to reflect the possibility that it may have been actively exploited.

“This vulnerability is potentially being exploited in the wild,” it added. “Please apply the patch as soon as possible for affected products.”

As temporary mitigations, it’s recommended to restrict firewall management to trusted sources or disable firewall WAN management from Internet access. For SSLVPN, it’s advised to limit access to trusted sources, or disable internet access altogether.

Additional mitigations include enabling multi-factor authentication (MFA) for all SSLVPN users using one-time passwords (OTPs) and recommending customers using GEN5 and GEN6 firewalls with SSLVPN users who have locally managed accounts to immediately update their passwords for preventing unauthorized access.

There are currently no details about how the flaw may have been weaponized in the wild, but Chinese threat actors have, in the past, unpatched SonicWall Secure Mobile Access (SMA) 100 appliances to establish long-term persistence.

Found this article interesting? Follow us on Twitter and LinkedIn to read more exclusive content we post.

“}]] The Hacker News 

Total
0
Shares
Previous Post

GeoServer Vulnerability Targeted by Hackers to Deliver Backdoors and Botnet Malware

Next Post

Russian dark web marketplace admins indicted after arrest in Miami

Related Posts

Hardware Backdoor Discovered in RFID Cards Used in Hotels and Offices Worldwide

Cybersecurity researchers have uncovered a hardware backdoor within a particular model of MIFARE Classic contactless cards that could allow authentication with an unknown key and open hotel rooms and office doors. The attacks have been demonstrated against FM11RF08S, a new variant of MIFARE Classic that was released by Shanghai Fudan Microelectronics in 2020. "The FM11RF08S backdoor enables any
Avatar
Read More

Hacktivists Exploits WinRAR Vulnerability in Attacks Against Russia and Belarus

A hacktivist group known as Head Mare has been linked to cyber attacks that exclusively target organizations located in Russia and Belarus. "Head Mare uses more up-to-date methods for obtaining initial access," Kaspersky said in a Monday analysis of the group's tactics and tools. "For instance, the attackers took advantage of the relatively recent CVE-2023-38831 vulnerability in WinRAR, which
Avatar
Read More