Security Bulletin: SonicWall SSLVPN Exploit Released

Sonicwall

SonicWall is urging administrators to apply patches for a recently discovered access control vulnerability tracked as CVE-2024-40766, which may already be exploited in the wild. The flaw, affecting SonicWall Firewall Gen 5, Gen 6, and some Gen 7 devices, poses a serious threat to network security, with a critical CVSS score of 9.3.

The vulnerability was initially disclosed on August 22, 2024, and affects the SonicOS management access. However, recent updates reveal that the flaw also impacts the SSLVPN feature on these firewalls. Left unpatched, this vulnerability can allow unauthorized resource access and even crash the firewall, disabling critical network protections.

Affected Products and Versions:

SonicWall has released patches for the following affected products and versions:

  • SonicWall Gen 5 running SonicOS version 5.9.2.14-12o and older – fixed in SonicOS version 5.9.2.14-13o
  • SonicWall Gen 6 running SonicOS version 6.5.4.14-109n and older – fixed in 6.5.2.8-2n (for SM9800, NSsp 12400, NSsp 12800) and version 6.5.4.15-116n (for other Gen 6 Firewalls)
  • SonicWall Gen 7 running SonicOS version 7.0.1-5035 and older – not reproducible in 7.0.1-5035 and later.

The latest patches are available for download at mysonicwall.com.

Mitigation Recommendations:

SonicWall recommends the following steps to protect your systems:

  1. Limit firewall management to trusted sources, and disable internet access to the WAN management portal where possible.
  2. Restrict SSLVPN access to trusted sources and disable it entirely if it’s not required.
  3. For Gen 5 and Gen 6 devices, local SSLVPN users should immediately update their passwords, and admins should enforce the "User must change password" option.
  4. Enable multi-factor authentication (MFA) for all SSLVPN users, using TOTP or email-based one-time passwords (OTPs).

While the details on how this flaw is being exploited remain unclear, similar vulnerabilities have been exploited by threat actors in the past. In March 2023, suspected Chinese hackers targeted unpatched SonicWall Secure Mobile Access (SMA) devices to install custom malware that persisted even through firmware upgrades.

With the increasing risk of targeted attacks on network infrastructure, SonicWall urges administrators to patch this vulnerability immediately to mitigate potential risks.

For more detailed information, visit SonicWall’s advisory, or refer to the original coverage by Bleeping Computer.