About the Vulnerability

Introduction

SonicWALL SonicOS is the operating system for the SonicWALL firewall, a network security device. It offers comprehensive network security features, designed specifically for enterprise networks to effectively resist complex cyber attacks and ensure network performance. SonicOS excels in security, firewall management, VPN connections, and is the core component of the SonicWALL firewall series of devices.

Summary

On September 11, 2024, Sangfor FarSight Labs received notification that an SonicWALL SonicOS component contains information of Access Control Flaw Vulnerability (CVE-2024-40766), classified as high in threat level.

SonicWALL SonicOS is an operating system designed specifically for SonicWALL firewall devices by the American company SonicWALL. There is an access control vulnerability in SonicWALL SonicOS, which stems from allowing unauthorized resource access and can cause the firewall to crash under certain conditions.

Affected Versions

SOHO (Gen 5) ≤ 5.9.2.14-12o

Gen7 Firewalls - TZ270, TZ270W, TZ370, TZ370W, TZ470, TZ470W, TZ570, TZ570W, TZ570P, TZ670, NSa 2700, NSa 3700,NSa 4700, NSa 5700, NSa 6700, NSsp 10700, NSsp 11700, NSsp 13700 ≤m6.5.4.14-109n

Gen7 Firewalls - TZ270, TZ270W, TZ370, TZ370W, TZ470, TZ470W, TZ570, TZ570W, TZ570P, TZ670, NSa 2700, NSa 3700,NSa 4700, NSa 5700, NSa 6700, NSsp 10700, NSsp 11700, NSsp 13700 ≤ 7.0.1-5035

Solutions

Remediation Solutions

Official Solution

Temporary Remediation Solution:

It is recommended to restrict firewall and SSL VPN management to trusted sources, or disable Internet access for firewall and SSL VPN WAN management.

Reference link for Firewall operation:

https://www.sonicwall.com/support/knowledge-base/how-can-i-restrict-admin-access-to-the-device/170503259079248

Reference link for Firewall operation:

https://www.sonicwall.com/support/knowledge-base/how-can-i-setup-ssl-vpn/17050560928513

Affected users are recommended to contact the official and obtain the latest patch

Download link: https://www.sonicwall.com/support/contact-support

Timeline

On September 11, 2024, Sangfor FarSight Labs received notification of SonicWALL SonicOS Access Control Flaw vulnerability.

On September 11, 2024, Sangfor FarSight Labs released a vulnerability alert.

References

https://cxsecurity.com/cveshow/CVE-2024-40766/

https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2024-0015

Listen To This Post

Search

Get in Touch

Get in Touch with Sangfor Team for Business Inquiry

Related Articles

CVE-2024-38063: Windows TCP/IP Remote Execution Code Vulnerability

Date : 09 Sep 2024
Read Now

What is Brain Cipher? The Ransomware that Took Down the Indonesian National Data Center

Date : 01 Jul 2024
Read Now

XZ Utils Supply Chain Compromise

Date : 15 Apr 2024
Read Now

See Other Product

Sangfor Omni-Command
Replace your Enterprise NGAV with Sangfor Endpoint Secure
Cyber Command - NDR Platform
Endpoint Secure
Internet Access Gateway (IAG)
Sangfor Network Secure - Next Generation Firewall