SonicWall has issued security updates to address a critical vulnerability in its firewall devices that could allow malicious actors to gain unauthorized access. The flaw, identified as CVE-2024-40766 with a CVSS score of 9.3, is described as an improper access control bug.
"An improper access control vulnerability has been identified in the SonicWall SonicOS management access, potentially leading to unauthorized resource access and in specific conditions, causing the firewall to crash," SonicWall explained in an advisory released last week.
Affected Devices and Versions
This security flaw impacts SonicWall Firewall Gen 5 and Gen 6 devices, as well as Gen 7 devices running SonicOS 7.0.1-5035 and earlier versions. To address the issue, SonicWall has released updates for the following versions:
- SOHO (Gen 5 Firewalls): Updated to version 5.9.2.14-13o
- Gen 6 Firewalls: Updated to version 6.5.2.8-2n (applicable for SM9800, NSsp 12400, and NSsp 12800) and 6.5.4.15.116n (for other Gen 6 Firewall appliances)
The company noted that the vulnerability is not reproducible in SonicOS firmware versions higher than 7.0.1-5035. However, SonicWall advises users to install the latest firmware updates to ensure maximum security.
Recommended Actions
While there is no current evidence suggesting that this vulnerability has been exploited in the wild, SonicWall strongly recommends that users apply the necessary patches as soon as possible to protect their devices from potential threats.
For users who cannot immediately apply the patch, SonicWall suggests restricting firewall management access to trusted sources or disabling firewall WAN management access from internet sources as a temporary security measure.
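As an added illustration (not SonicWall's tooling and not taken from the advisory), the following Python turns the per-generation version boundaries listed above and the interim guidance on WAN management access into an inventory triage check. The fixed versions are the advisory's; the `Device` fields, the model placeholders `gen6-other` and `gen7`, the constructed build numbers in the sample inventory, and the rule that a later hotfix letter sorts later (13n before 13o) are assumptions of the example.

```python
import re
from dataclasses import dataclass

# Fixed / boundary versions exactly as stated in the advisory summary above.
FIXED_GEN5 = "5.9.2.14-13o"
FIXED_GEN6_HIGH_END = "6.5.2.8-2n"       # SM9800, NSsp 12400, NSsp 12800
FIXED_GEN6_OTHER = "6.5.4.15.116n"       # all other Gen 6 appliances
GEN7_LAST_AFFECTED = "7.0.1-5035"        # not reproducible on builds above this

GEN6_HIGH_END_MODELS = {"SM9800", "NSsp 12400", "NSsp 12800"}


def parse_version(version: str):
    """Turn a SonicOS version string into a sortable key.

    Every run of digits becomes an integer (so 116 > 99 and 5111 > 5035),
    and a trailing hotfix letter is kept as a lowercase suffix. Assumption:
    a later letter means a later hotfix (13n < 13o), which is how the
    advisory's own version strings read.
    """
    match = re.fullmatch(r"([0-9][0-9.\-]*?)([A-Za-z]*)", version.strip())
    if not match:
        raise ValueError(f"unrecognised SonicOS version: {version!r}")
    digits, suffix = match.groups()
    return tuple(int(n) for n in re.findall(r"\d+", digits)), suffix.lower()


@dataclass
class Device:
    name: str
    generation: int          # 5, 6 or 7
    model: str
    version: str
    wan_management: bool     # management interface reachable from the WAN


def is_affected(dev: Device) -> bool:
    """Apply the advisory's per-generation boundaries to one device."""
    running = parse_version(dev.version)
    if dev.generation == 5:
        return running < parse_version(FIXED_GEN5)
    if dev.generation == 6:
        fixed = FIXED_GEN6_HIGH_END if dev.model in GEN6_HIGH_END_MODELS else FIXED_GEN6_OTHER
        return running < parse_version(fixed)
    if dev.generation == 7:
        return running <= parse_version(GEN7_LAST_AFFECTED)
    raise ValueError(f"{dev.name}: unknown generation {dev.generation}")


def recommend(dev: Device) -> str:
    """Map a device to the advisory's guidance: patch, and if the patch must
    wait, close WAN management access in the meantime."""
    if not is_affected(dev):
        return "not affected"
    if dev.wan_management:
        return "patch; until then disable WAN management or restrict it to trusted sources"
    return "patch"


def triage(devices):
    """Return {device name: recommendation} for every device needing action."""
    return {d.name: recommend(d) for d in devices if is_affected(d)}


# Constructed sample inventory: the names, the placeholder model strings and
# the 13n / 2m / 14.109n / 5111 builds are made up for illustration.
SAMPLE_INVENTORY = [
    Device("fw-branch-01", 5, "SOHO", "5.9.2.14-13n", wan_management=True),
    Device("fw-branch-02", 5, "SOHO", "5.9.2.14-13o", wan_management=True),
    Device("fw-dc-01", 6, "NSsp 12400", "6.5.2.8-2m", wan_management=False),
    Device("fw-dc-02", 6, "gen6-other", "6.5.4.15.116n", wan_management=False),
    Device("fw-dc-03", 6, "gen6-other", "6.5.4.14.109n", wan_management=True),
    Device("fw-edge-01", 7, "gen7", "7.0.1-5035", wan_management=False),
    Device("fw-edge-02", 7, "gen7", "7.0.1-5111", wan_management=True),
]

if __name__ == "__main__":
    for name, action in triage(SAMPLE_INVENTORY).items():
        print(f"{name}: {action}")
```

The Gen 6 check is keyed on model rather than on version branch because the advisory gives two different fixed builds for the same generation; a device on the 6.5.2.x branch that is not one of the three high-end models would otherwise compare as "newer" than 6.5.4.15.116n and be missed.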
Recent Threat Actor Activity
This update comes on the heels of recent findings from Google-owned Mandiant, which reported that a China-nexus threat actor known as UNC4540 had targeted unpatched SonicWall Secure Mobile Access (SMA) 100 appliances to install Tiny SHell, establishing long-term persistence.
This activity reflects a growing trend among China-linked threat groups, such as the Velvet Ant activity cluster, of exploiting edge infrastructure to breach targets and maintain undetected remote access. Velvet Ant was recently found using a zero-day exploit against Cisco switch appliances to distribute a new malware called VELVETSHELL, a hybrid of Tiny SHell and 3proxy.