Advisory

SonicWall fixes critical improper access control flaw in its firewalls

Take action: If you are running Gen 5, Gen 6 or Gen 7 SonicWall firewalls, first make sure the management interface is reachable only from trusted networks and not from the WAN. Then check the advisory for the patched build that applies to your appliance and schedule the update promptly.


Learn More

SonicWall has released a critical security update addressing a severe vulnerability in its SonicOS platform, tracked as CVE-2024-40766 (CVSS score 9.3).

The flaw is an improper access control issue in the SonicOS management access interface. It can potentially lead to unauthorized access to resources or, under specific conditions, cause the firewall to crash. Because the affected component is the device's own management plane, the risk is highest for firewalls whose management interface is exposed beyond trusted networks.

This vulnerability affects multiple generations of SonicWall firewalls, including:

  • Gen 5 devices
  • Gen 6 devices
  • Gen 7 devices running SonicOS 7.0.1-5035 and earlier versions

The patched versions that address this vulnerability include:

  • SOHO (Gen 5 Firewalls) - 5.9.2.14-13o
  • Gen 6 Firewalls - 6.5.2.8-2n (for SM9800, NSsp 12400, and NSsp 12800) and 6.5.4.15.116n (for other Gen 6 Firewall appliances)
  • Gen 7 Firewalls - any SonicOS version higher than 7.0.1-5035 (7.0.1-5035 itself is still vulnerable)
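The patched builds above are easy to misread because SonicOS version strings mix dots, dashes and hotfix letters, and because the Gen 6 baseline depends on the appliance model (the SM9800 and NSsp 12400/12800 follow the 6.5.2.x branch, every other Gen 6 appliance the 6.5.4.x branch). The helper below is an added example written for this page, not code from SonicWall or the advisory. It parses a SonicOS build string into a comparable key and applies the per-generation rule from the list above (at-or-above the listed build for Gen 5 and Gen 6, strictly higher than 7.0.1-5035 for Gen 7). The assumptions are labelled in the code: hotfix letters are treated as sorting alphabetically, and the hostnames and builds in the sample inventory are constructed for illustration.

```python
import re
from typing import List, Optional, Tuple

# Patched builds as listed in SonicWall's advisory for CVE-2024-40766.
GEN5_FIXED = "5.9.2.14-13o"
GEN6_FIXED_SM_NSSP = "6.5.2.8-2n"      # SM9800, NSsp 12400, NSsp 12800
GEN6_FIXED_OTHER = "6.5.4.15.116n"     # all other Gen 6 appliances
GEN7_LAST_VULNERABLE = "7.0.1-5035"    # Gen 7 is fixed only on builds strictly higher

# Gen 6 models that follow the 6.5.2.x branch (from the advisory).
GEN6_SM_NSSP_MODELS = {"SM9800", "NSsp 12400", "NSsp 12800"}

VersionKey = Tuple[Tuple[int, ...], str]


def parse_version(version: str) -> VersionKey:
    """Turn a SonicOS build string into a comparable key.

    SonicOS strings mix dots and dashes ("7.0.1-5035", "6.5.4.15.116n",
    "5.9.2.14-13o"). Every run of digits becomes one numeric component and
    an optional trailing hotfix letter ("n", "o") is kept as a tiebreaker.
    Assumption (not stated in the advisory): hotfix letters sort alphabetically.
    """
    m = re.fullmatch(r"(\d+(?:[.\-]\d+)*)([a-z]*)", version.strip())
    if not m:
        raise ValueError(f"unrecognised SonicOS version string: {version!r}")
    numbers = tuple(int(n) for n in re.findall(r"\d+", m.group(1)))
    return numbers, m.group(2)


def is_patched(generation: int, version: str, model: Optional[str] = None) -> bool:
    """Apply the per-generation rule from the advisory to one running build."""
    key = parse_version(version)
    if generation == 5:
        return key >= parse_version(GEN5_FIXED)
    if generation == 6:
        # Branch-aware only through the model list: an unknown model is
        # compared against the 6.5.4.x baseline, which is the conservative choice.
        baseline = GEN6_FIXED_SM_NSSP if model in GEN6_SM_NSSP_MODELS else GEN6_FIXED_OTHER
        return key >= parse_version(baseline)
    if generation == 7:
        return key > parse_version(GEN7_LAST_VULNERABLE)
    raise ValueError(f"unsupported SonicWall generation: {generation!r}")


# Constructed sample inventory: (hostname, generation, running build, model).
# Hostnames and builds are invented for illustration, not taken from any real fleet.
SAMPLE_INVENTORY = [
    ("fw-branch-01", 5, "5.9.2.14-13o", None),
    ("fw-branch-02", 5, "5.9.2.14-12o", None),
    ("fw-dc-01", 6, "6.5.2.8-2n", "NSsp 12400"),
    ("fw-dc-02", 6, "6.5.4.15.116n", None),
    ("fw-dc-03", 6, "6.5.4.15.110n", None),
    ("fw-edge-01", 7, "7.0.1-5035", None),
    ("fw-edge-02", 7, "7.0.1-5036", None),
]


def find_unpatched(inventory) -> List[str]:
    """Return the hostnames that still need the CVE-2024-40766 update."""
    return [host for host, gen, ver, model in inventory if not is_patched(gen, ver, model)]


if __name__ == "__main__":
    for host in find_unpatched(SAMPLE_INVENTORY):
        print(f"{host}: still vulnerable, restrict management access and patch")
```

Note that a Gen 6 appliance outside the SM9800/NSsp list running 6.5.2.8-2n is reported as unpatched, because the advisory only lists that build as the fix for those three models; treat such a result as a prompt to confirm the model and the correct branch rather than as proof of exposure.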

Users are urged to apply the latest security updates as soon as possible. If an immediate update is not feasible, SonicWall recommends restricting management access to trusted sources or disabling WAN management access from the internet to reduce exposure.

Although there was no confirmed exploitation of this vulnerability in the wild at the time of writing, SonicWall devices have been frequent targets of threat actors in the past, so exposed management interfaces should be treated as at risk until patched.
