SonicWall Issues Urgent Patch for Critical Firewall Vulnerability (CVE-2024-40766)
SonicWall, a prominent network security provider, has released a security advisory warning users of a critical vulnerability (CVE-2024-40766) affecting their SonicOS operating system. The vulnerability, which carries a CVSS score of 9.3, could allow unauthorized access to SonicWall firewalls, potentially leading to a complete system compromise.
The vulnerability stems from an improper access control issue in the SonicOS management interface. An attacker could exploit this flaw to gain unauthorized access to sensitive information or even execute arbitrary code on the affected device. In certain scenarios, the vulnerability could also cause the firewall to crash, disrupting network connectivity and leaving organizations vulnerable to further attacks.
The vulnerability impacts a wide range of SonicWall firewall products, including Gen 5, Gen 6, and some Gen 7 devices running specific SonicOS versions.
To mitigate the potential impact of CVE-2024-40766, SonicWall strongly recommends that organizations immediately apply the latest firmware updates available on the SonicWall portal (mysonicwall.com). In the interim, SonicWall advises restricting firewall management access to trusted sources or disabling WAN management access from internet sources. For detailed instructions on how to restrict admin access, SonicWall provides guidance on their support knowledge base.