SonicWall Urges Immediate Patch for Critical Firewall Flaw Amid Possible Active Exploitation

SonicWall has issued a crucial alert to its users, urging them to patch a recently identified critical vulnerability in its SonicOS software, which may already be under active exploitation. The flaw, tracked as CVE-2024-40766, has been assigned a CVSS score of 9.3, highlighting its severity. This vulnerability could allow unauthorized access to sensitive resources and, in some cases, even cause the firewall to crash.

CVE-2024-40766: A High-Risk Vulnerability in SonicOS

The vulnerability stems from improper access control within SonicWall’s SonicOS management interface and SSLVPN features. If exploited, it could provide malicious actors with unauthorized access to network resources or disrupt firewall operations. Given its critical nature, SonicWall has released patches for the following affected versions:

• SOHO (Gen 5 Firewalls): 5.9.2.14-13o
• Gen 6 Firewalls:
  • 6.5.2.8-2n (for SM9800, NSsp 12400, and NSsp 12800)
  • 6.5.4.15.116n (for other Gen 6 appliances)

In an updated advisory, SonicWall disclosed that the vulnerability might be actively exploited in the wild. As a result, the company is urging users to apply patches immediately to protect their systems.

Urgent Mitigation Steps

For users unable to apply the patches immediately, SonicWall recommends several temporary mitigation strategies to minimize the risk of exploitation:

1. Restrict Firewall Management Access: Limit management access to trusted sources or disable WAN management from the internet.
2. SSLVPN Access: Restrict access to SSLVPN features by allowing only trusted sources, or disable internet access to SSLVPN altogether.
3. Enable Multi-Factor Authentication (MFA): Enforce MFA for all SSLVPN users, especially those using one-time passwords (OTPs), to add an additional layer of protection.
4. Update Passwords: Users of Gen 5 and Gen 6 firewalls with SSLVPN accounts managed locally should immediately update their passwords to prevent unauthorized access.

Potential Exploitation in the Wild

Although no specific details have been provided on how the vulnerability may have been weaponized, SonicWall’s advisory references the possibility of active exploitation. In the past, Chinese threat actors have targeted unpatched SonicWall appliances to maintain long-term access, making it critical for organizations to respond promptly.

Given the vulnerability’s potential impact and the risk of unauthorized access, SonicWall’s call to action is clear: patching affected systems and implementing recommended mitigations should be a top priority for all users to ensure network security and prevent exploitation.

In today’s cybersecurity landscape, such vulnerabilities serve as a reminder that timely patching and strong access controls are essential defenses against persistent threats.