SonicWall SSLVPN entry management flaw is now exploited in assaults

SonicWall is warning {that a} not too long ago fastened entry management flaw tracked as CVE-2024-40766 in SonicOS is now “potentially” exploited in assaults, urging admins to use patches as quickly as potential.

“This vulnerability is potentially being exploited in the wild. Please apply the patch as soon as possible for affected products. The latest patch builds are available for download on mysonicwall.com,” warns the up to date SonicWall advisory.

CVE-2024-40766 is a vital (CVSS v3 rating: 9.3) entry management flaw impacting SonicWall Firewall Gen 5 and Gen 6 gadgets, in addition to Gen 7 gadgets.

The software program vendor didn’t disclose a lot details about the flaw apart from its potential for unauthorized useful resource entry and skill to crash the firewall, thus eliminating community protections.

When SonicWall first disclosed the flaw on August 22, 2024, the flaw was solely believed to be within the SonicWall SonicOS administration entry. With immediately’s replace, the corporate is warning that CVE-2024-40766 additionally impacts the firewall’s SSLVPN characteristic.

Apply patches as quickly as potential

The listing of impacted merchandise and variations, in addition to the releases that handle CVE-2024-40766, are summarized as follows:

  • SonicWall Gen 5 working SonicOS model 5.9.2.14-12o and older – fastened in SonicOS model 5.9.2.14-13o
  • SonicWall Gen 6 working SonicOS model 6.5.4.14-109n and older – fastened in 6.5.2.8-2n (for SM9800, NSsp 12400, NSsp 12800) and model 6.5.4.15-116n (for different Gen 6 Firewalls)
  • SonicWall Gen 7 working SonicOS model 7.0.1-5035 and older – not reproducible in 7.0.1-5035 and later.

Table

The most recent mitigation suggestions by SonicWall embrace:

  1. Restrict firewall administration to trusted sources and disable web entry to the WAN administration portal if potential.
  2. Limit SSLVPN entry to trusted sources solely and disable it solely if not wanted.
  3. For Gen 5 and Gen 6 gadgets, SSLVPN customers with native accounts ought to replace their passwords instantly and directors ought to allow the “User must change password” possibility for native customers.
  4. Allow multi-factor authentication (MFA) for all SSLVPN customers utilizing TOTP or email-based one-time passwords (OTPs). Extra info on tips on how to configure this measure is out there right here.

Whereas SonicWall has not shared how the flaw is being actively exploited, comparable flaws have been used previously to achieve preliminary entry to company networks.

Risk actors generally goal SonicWall as they’re uncovered to the web to supply distant VPN entry.

In March 2023, suspected Chinese language hackers (UNC4540) focused unpatched SonicWall Safe Cell Entry (SMA) gadgets to put in customized malware that continued by firmware upgrades.

BleepingComputer contacted SonicWall to be taught extra about how the flaw is being actively exploited in assaults, however a response was not instantly out there.

Recent articles