SonicWall has disclosed that a recently patched critical security flaw in SonicOS (CVE-2024-40766, CVSS score: 9.3) may have been actively exploited. The flaw affects SonicOS management access and the SSLVPN feature, potentially leading to unauthorized access or even causing a firewall crash.
Impacted Versions:
- SOHO (Gen 5 Firewalls) - 5.9.2.14-13o
- Gen 6 Firewalls - 6.5.2.8-2n (SM9800, NSsp 12400, NSsp 12800) and 6.5.4.15.116n (other Gen 6 devices)
Recommendations:
- Apply the patch immediately for affected products.
- Restrict firewall management to trusted sources or disable WAN management from Internet access.
- Limit SSLVPN access to trusted sources or disable Internet access.
- Enable multi-factor authentication (MFA) for all SSLVPN users.
- For users with locally managed accounts, update passwords immediately.
Temporary Workarounds:
- Restrict access for both firewall management and SSLVPN features to trusted sources.
- Enable MFA for additional security.
Though no specifics on how the flaw has been weaponized are available, previous attacks on SonicWall devices, particularly by Chinese threat actors, highlight the importance of acting swiftly.
