WARNING: CRITICAL IMPROPER ACCESS CONTROL VULNERABILITY IN SONICOS PRODUCTS, PATCH IMMEDIATELY!
CVE-2024-40766 / CVSS 9.3 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:L)
Sources
SonicWall: https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2024-0015
Risks
The vulnerability can allow an attacker to gain unauthorized access to resources of the firewall and in some cases cause it to crash. It has a high impact on confidentiality and in some cases can have an impact on the availability of the firewall. The attack can be carried out remotely.
Threat actors have been observed in the past targeting SonicWall appliances with malware that persists through firmware upgrades. Given the criticality of these appliances and the fact that these types of devices are often targeted by threat actors, it is highly advised to patch this vulnerability.
The vulnerability has been reported as actively exploited in the wild! Update your systems immediately!
Description
SonicWall has disclosed a critical improper access control vulnerability in SonicOS, the operating system for their firewall products.
The vulnerability affects SonicWall Firewall Gen 5, Gen 6 and Gen 7 devices for which updates are available.
Recommended Actions
Patch
The Centre for Cybersecurity Belgium strongly recommends installing updates for vulnerable devices with the highest priority, after thorough testing.
Monitor/Detect
The CCB recommends that organizations scale up their monitoring and detection capabilities to identify any related suspicious activity, ensuring a swift response in case of an intrusion.
In case of an intrusion, you can report an incident via: https://ccb.belgium.be/en/cert/report-incident
While patching appliances or software to the newest version may provide safety from future exploitation, it does not remediate historic compromise.
References
Bleeping Computer: https://www.bleepingcomputer.com/news/security/sonicwall-warns-of-critical-access-control-flaw-in-sonicos