SonicWall Confirms Critical CVE-2024-40766 Vulnerability Actively Exploited in the Wild
On September 5, 2024, SonicWall updated its security advisory with an urgent warning: CVE-2024-40766, a critical access control vulnerability within SonicOS, is being actively exploited by cybercriminals in the wild. Originally published on August 23, the advisory describes how the flaw can allow attackers to gain unauthorized access to sensitive resources or even crash the firewall itself, affecting numerous devices across generations of SonicWall’s popular firewalls.
The vulnerability carries a CVSS v3 base score of 9.3. It is classified as improper access control (CWE-284): SonicOS fails to enforce the restrictions that should govern who can reach certain resources in its management access and SSLVPN, so an attacker can reach them without passing the intended checks. The attack vector is network-based, attack complexity is low, and neither privileges nor user interaction are required, which makes the flaw especially dangerous on a device that forms the organization's security perimeter.
This flaw affects multiple generations of SonicWall firewalls, specifically:
- Gen 5 devices: SOHO running version 5.9.2.14-12o and earlier.
- Gen 6 devices: Various TZ, NSA, and SM models running SonicOS versions 6.5.4.14-109n and earlier.
- Gen 7 devices: TZ and NSA models running SonicOS 7.0.1-5035 and earlier.
Successful exploitation gives an unauthenticated attacker access to resources that should be restricted, potentially exposing sensitive information; under specific conditions it can also crash the firewall, cutting off the traffic the device protects (a denial of service).
SonicWall has issued firmware releases that fix CVE-2024-40766. Administrators are urged to update immediately. The fixed versions are as follows:
- Gen 5 devices: SonicOS 5.9.2.14-13o
- Gen 6 devices: SonicOS 6.5.4.15.116n
- Gen 6 SM9800, NSsp 12400, and NSsp 12800 models (6.5.2 branch): SonicOS 6.5.2.8-2n
- Gen 7 devices: Any SonicOS version newer than 7.0.1-5035
Updates are available through the SonicWall customer portal at mysonicwall.com, where registered users can download the latest firmware.
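The affected and fixed versions above are easy to misapply in bulk: the build separator is "-" in most releases but "." in the Gen 6 fixed release as SonicWall lists it, builds carry trailing letters, and a naive "6.5.4.14-109n and earlier" comparison would wrongly flag the patched 6.5.2.8-2n on SM9800/NSsp platforms. The following Python script is an added example, not SonicWall's code or anything from the advisory; it normalizes SonicOS version strings and checks them against the thresholds stated on this page, keyed by release branch. The hostnames and the version strings other than the advisory's own thresholds are constructed for illustration.

```python
import re
from dataclasses import dataclass
from typing import Optional


def parse_version(s: str) -> tuple:
    """Turn a SonicOS version string into a comparable tuple of ints.

    Handles '6.5.4.14-109n', '6.5.4.15.116n' (dot before the build, as in
    SonicWall's fixed-version list) and '7.0.1-5035'; trailing letters on a
    build number (o, n) are dropped before comparison.
    """
    nums = []
    for part in re.split(r"[.-]", s.strip()):
        m = re.fullmatch(r"(\d+)[A-Za-z]*", part)
        if not m:
            raise ValueError(f"unparseable component {part!r} in version {s!r}")
        nums.append(int(m.group(1)))
    return tuple(nums)


@dataclass(frozen=True)
class Rule:
    label: str
    branch: tuple                     # version prefix this rule covers
    fixed_in: Optional[tuple]         # first fixed build, where the advisory names one
    last_affected: Optional[tuple]    # used where only "X and older" is given


# Thresholds exactly as SonicWall's advisory for CVE-2024-40766 states them.
RULES = (
    Rule("Gen 5 (SOHO)", (5, 9, 2), parse_version("5.9.2.14-13o"), None),
    Rule("Gen 6 (TZ/NSA/SM)", (6, 5, 4), parse_version("6.5.4.15.116n"), None),
    Rule("Gen 6 (SM9800, NSsp 12400/12800)", (6, 5, 2), parse_version("6.5.2.8-2n"), None),
    Rule("Gen 7 (TZ/NSA)", (7,), None, parse_version("7.0.1-5035")),
)


def assess(version: str) -> str:
    """Return 'vulnerable', 'patched' or 'unknown' for one SonicOS version."""
    v = parse_version(version)
    for rule in RULES:
        if v[: len(rule.branch)] != rule.branch:
            continue
        if rule.fixed_in is not None:
            return "vulnerable" if v < rule.fixed_in else "patched"
        return "vulnerable" if v <= rule.last_affected else "patched"
    # A branch the advisory does not enumerate (e.g. 6.5.1.x): do not guess.
    return "unknown"


def triage(inventory):
    """Group (hostname, version) pairs by exposure status."""
    out = {"vulnerable": [], "patched": [], "unknown": []}
    for host, ver in inventory:
        out[assess(ver)].append((host, ver))
    return out


# Constructed sample inventory: hypothetical hostnames; versions marked
# "hypothetical" are not taken from the advisory.
SAMPLE_INVENTORY = [
    ("fw-branch-01", "5.9.2.14-12o"),
    ("fw-branch-02", "5.9.2.14-13o"),
    ("fw-hq-01", "6.5.4.14-109n"),
    ("fw-hq-02", "6.5.4.15.116n"),
    ("fw-dc-01", "6.5.2.8-2n"),
    ("fw-dc-02", "6.5.2.7-1n"),     # hypothetical older 6.5.2 build
    ("fw-edge-01", "7.0.1-5035"),
    ("fw-edge-02", "7.1.1-7040"),   # hypothetical newer Gen 7 build
    ("fw-lab-01", "6.5.1.12-3n"),   # hypothetical branch outside the advisory tables
]

if __name__ == "__main__":
    for status, hosts in triage(SAMPLE_INVENTORY).items():
        for host, ver in hosts:
            print(f"{status:10s} {host:14s} {ver}")
```

Anything reported as "unknown" is a branch the advisory does not list and should be checked against SonicWall's current advisory text by hand rather than assumed safe; the 6.5.2.x rule exists precisely because the generic Gen 6 threshold would otherwise misclassify those platforms.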
For organizations that cannot update immediately, SonicWall has provided interim mitigations: restrict firewall management access to trusted sources, or disable management access from the WAN entirely, and likewise restrict or disable SSLVPN access from the Internet. This reduces the exposed attack surface until the firmware update can be applied, but it is not a substitute for it.
SonicWall also advises that Gen 5 and Gen 6 users with locally managed SSLVPN accounts change those passwords immediately and enable the option that forces users to change their password at next login, so that any credentials exposed before patching cannot be reused. Multifactor authentication (MFA), using Time-Based One-Time Password (TOTP) or email-based one-time passwords, is strongly recommended for all SSLVPN users.
Steps for Password Security:
- For Gen 5 devices: Navigate to Users > Local Users in SonicOS 5.9, as outlined on pages 1340 and 1341 of the SonicOS Administrators Guide.
- For Gen 6 devices: Navigate to MANAGE | System Setup > Users > Local Users & Groups, as detailed on pages 227 and 228 of the SonicOS 6.5 System Setup Administration Guide.