SonicWall critical flaw actively exploited, patch now
SonicWall is reporting that a critical access control vulnerability in its SonicOS software, tracked as CVE-2024-40766 (CVSS score 9.3), is being actively exploited in the wild.
CVE-2024-40766 is an improper access control flaw impacting both the SonicOS management access and the SSLVPN feature of SonicWall devices. The flaw could potentially allow unauthorized access to network resources and, in some cases, cause the firewall to crash, which would remove network protections.
This vulnerability affects multiple generations of SonicWall firewalls, including:
- Gen 5 devices
- Gen 6 devices
- Gen 7 devices running SonicOS 7.0.1-5035 and earlier versions
SonicWall updated its advisory on September 6, 2024, to warn that CVE-2024-40766 is potentially being exploited by attackers. While specific details on the exploitation method have not been disclosed, the company is urging administrators to apply the latest patches immediately and:
- Limit firewall management to trusted sources.
- Disable internet access to the WAN management portal where possible.
- Restrict SSLVPN access to trusted sources and disable it entirely if not needed.
- Enable multi-factor authentication (MFA) for all SSLVPN users using TOTP or email-based one-time passwords.
- For Gen 5 and Gen 6 devices, SSLVPN users with local accounts should immediately update their passwords, and administrators should enable the "User must change password" option for local users.