About the Vulnerability

Introduction

SonicWALL SonicOS is the operating system for the SonicWALL firewall, a network security device. It offers comprehensive network security features designed specifically for enterprise networks to resist complex cyber attacks while maintaining network performance. SonicOS covers security, firewall management, and VPN connections, and is the core component of the SonicWALL firewall series of devices.

Summary

On September 11, 2024, Sangfor FarSight Labs received notification that a SonicWALL SonicOS component contains an access control flaw vulnerability (CVE-2024-40766), classified as high in threat level.

SonicWALL SonicOS is an operating system designed specifically for SonicWALL firewall devices by the American company SonicWALL. There is an access control vulnerability in SonicWALL SonicOS, which stems from allowing unauthorized resource access and can cause the firewall to crash under certain conditions.

Affected Versions

SOHO (Gen 5) ≤ 5.9.2.14-12o

Gen7 Firewalls - TZ270, TZ270W, TZ370, TZ370W, TZ470, TZ470W, TZ570, TZ570W, TZ570P, TZ670, NSa 2700, NSa 3700, NSa 4700, NSa 5700, NSa 6700, NSsp 10700, NSsp 11700, NSsp 13700 ≤ 6.5.4.14-109n

Gen7 Firewalls - TZ270, TZ270W, TZ370, TZ370W, TZ470, TZ470W, TZ570, TZ570W, TZ570P, TZ670, NSa 2700, NSa 3700, NSa 4700, NSa 5700, NSa 6700, NSsp 10700, NSsp 11700, NSsp 13700 ≤ 7.0.1-5035
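
For triaging a firewall inventory against the bounds listed above, the following is an added example and not code from SonicWALL or Sangfor. It assumes firmware strings of the form `a.b.c[.d]-BUILD[letter]`, selects the bound by major version number, and ignores the trailing letter when ordering; the host names and non-boundary versions are constructed.

```python
import re

# Upper bounds of the affected ranges, copied from the list above.
# Keying them by major version number is an assumption of this example.
AFFECTED_MAX = {5: "5.9.2.14-12o", 6: "6.5.4.14-109n", 7: "7.0.1-5035"}
_VERSION_RE = re.compile(r"^(\d+(?:\.\d+)+)-(\d+)([a-z]?)$")


def parse_version(text):
    """Split 'a.b.c[.d]-BUILD[letter]' into ((a, b, c, ...), build)."""
    m = _VERSION_RE.match(text.strip().lower())
    if m is None:
        raise ValueError(f"unrecognised SonicOS version: {text!r}")
    release = tuple(int(p) for p in m.group(1).split("."))
    # Assumption: the trailing letter is a platform suffix, not an ordering key.
    return release, int(m.group(2))


def is_affected(text):
    """True if the version is at or below the affected bound for its branch."""
    version = parse_version(text)
    bound = AFFECTED_MAX.get(version[0][0])
    if bound is None:
        return False  # branch not listed on this page
    return version <= parse_version(bound)


def triage(inventory):
    """Map each (hostname, version) pair to 'AFFECTED', 'ok' or 'UNPARSED'."""
    result = {}
    for host, version in inventory:
        try:
            result[host] = "AFFECTED" if is_affected(version) else "ok"
        except ValueError:
            result[host] = "UNPARSED"  # needs a manual look, never silently 'ok'
    return result


# Constructed inventory; host names and the non-boundary versions are made up.
SAMPLE = [
    ("fw-branch-01", "7.0.1-5035"),
    ("fw-branch-02", "7.0.1-5036"),
    ("fw-hq-01", "6.5.4.14-109n"),
    ("fw-lab-01", "SonicOS Enhanced 6.5"),
    ("fw-soho-01", "5.9.2.14-11o"),
]

if __name__ == "__main__":
    print(triage(SAMPLE))
```

Strings that do not parse are reported as `UNPARSED` rather than treated as unaffected, so truncated or free-text version fields get a manual check.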

Solutions

Remediation Solutions

Official Solution

Temporary Remediation Solution:

It is recommended to restrict firewall and SSL VPN management to trusted sources, or disable Internet access for firewall and SSL VPN WAN management.

Reference link for Firewall operation:

https://www.sonicwall.com/support/knowledge-base/how-can-i-restrict-admin-access-to-the-device/170503259079248

Reference link for SSL VPN operation:

https://www.sonicwall.com/support/knowledge-base/how-can-i-setup-ssl-vpn/17050560928513

Affected users are advised to contact the vendor and obtain the latest patch.

Download link: https://www.sonicwall.com/support/contact-support

Timeline

On September 11, 2024, Sangfor FarSight Labs received notification of SonicWALL SonicOS Access Control Flaw vulnerability.

On September 11, 2024, Sangfor FarSight Labs released a vulnerability alert.

References

https://cxsecurity.com/cveshow/CVE-2024-40766/

https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2024-0015
