SonicWall has disclosed that a recent critical security flaw affecting SonicOS may now be under active exploitation, making it essential that customers apply the fixes promptly.
The vulnerability, tracked as CVE-2024-40766, carries a CVSS score of 9.3 out of a maximum of 10.
In a revised advisory, SonicWall said, “An inappropriate access control shortcoming was found in the SonicWall SonicOS’ control access and SSLVPN, which could lead to illicit access to resources, and under certain circumstances, result in the crashing of the firewall.”
SonicWall has since clarified that CVE-2024-40766 also affects the firewall’s SSLVPN feature. The issue has been fixed in the following software versions:
- SOHO Firewall (5th Generation) – 5.9.2.14-13o
- 6th Generation Firewalls – 6.5.2.8-2n (for SM9800, NSsp 12400, and NSsp 12800) and 6.5.4.15.116n (for other 6th Generation Firewall appliances)

The network security vendor has since revised the bulletin to indicate that the flaw may be under active exploitation.
The company issued a warning stating, “This flaw might currently be under exploitation. We strongly recommend users to install the patch as soon as possible.”
As temporary mitigations, it is advisable to restrict firewall management access to trusted sources or to disable firewall WAN management from Internet access. For SSLVPN, limiting access to trusted sources or disabling SSLVPN access from the Internet entirely is suggested.
Further mitigations include enforcing multi-factor authentication (MFA) with one-time passwords (OTPs) for all SSLVPN users. Customers running GEN5 and GEN6 firewalls whose SSLVPN users have locally managed accounts are also advised to change those passwords promptly to prevent unauthorized access.
At present, there are no details on how the flaw may have been exploited in the wild. However, Chinese threat actors have previously exploited unpatched SonicWall Secure Mobile Access (SMA) 100 devices to gain persistent access.
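To check a fleet against the fixed builds listed above, the following added example (not SonicWall's code) triages a constructed inventory of appliances. It assumes builds compare component by component as integers and that an equal or higher build carries the fix; the hostnames, model strings and running versions are made up.

```python
import re

# Fixed builds, copied verbatim from the article's list.
FIXED = {
    "gen5_soho": "5.9.2.14-13o",
    "gen6_highend": "6.5.2.8-2n",   # SM9800, NSsp 12400, NSsp 12800
    "gen6_other": "6.5.4.15.116n",  # other 6th Generation appliances
}
GEN6_HIGHEND = {"SM9800", "NSSP12400", "NSSP12800"}

def parse_build(version):
    """'6.5.2.8-2n' -> (6, 5, 2, 8, 2); separators and trailing letter ignored."""
    parts = re.findall(r"\d+", version)
    if len(parts) < 4:
        raise ValueError(f"unrecognised SonicOS version: {version!r}")
    return tuple(int(p) for p in parts)

def fixed_build_for(model, version):
    """Pick the fixed build from the article that applies to this appliance."""
    major = parse_build(version)[0]
    if major == 5:  # the article lists only the SOHO for the 5th generation
        return FIXED["gen5_soho"]
    if major == 6:
        key = re.sub(r"[\s-]", "", model).upper()
        return FIXED["gen6_highend" if key in GEN6_HIGHEND else "gen6_other"]
    return None  # generation not covered by the article's list

def triage(inventory):
    """Map hostname -> 'patched' | 'needs-update' | 'not-listed'."""
    result = {}
    for host, model, version in inventory:
        fixed = fixed_build_for(model, version)
        if fixed is None:
            result[host] = "not-listed"
        else:
            ok = parse_build(version) >= parse_build(fixed)
            result[host] = "patched" if ok else "needs-update"
    return result

# Constructed inventory: (hostname, model, running version).
SAMPLE = [
    ("fw-branch-01", "SOHO", "5.9.2.14-12o"),
    ("fw-core-01", "NSsp 12800", "6.5.2.8-2n"),
    ("fw-dc-02", "NSa 2650", "6.5.4.14-109n"),
    ("fw-dc-03", "NSa 2650", "6.5.4.15-116n"),
    ("fw-lab-01", "TZ270", "7.0.1-5035"),
]
if __name__ == "__main__":
    print(triage(SAMPLE))
```

Appliances reported as `not-listed` are outside the generations this article names and need to be checked against the vendor advisory directly.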



