August 26, 2024 at 09:12AM
SonicWall warns about a critical vulnerability in its SonicOS network security appliances, tracked as CVE-2024-40766. The flaw could allow unauthorized access and firewall crashes. It affects SonicWall Gen 5, Gen 6, and Gen 7 firewalls, with updates available for affected versions. Customers are urged to patch their systems promptly due to potential exploitation.
Key takeaways:
– SonicWall has warned customers about a critical vulnerability in its SonicOS network security appliance operating system that can result in unauthorized access or a firewall crash.
– The vulnerability, tracked as CVE-2024-40766, is described as an improper access control issue in SonicWall’s SonicOS management access, potentially leading to unauthorized resource access and causing the firewall to crash under specific conditions.
– The impacted SonicWall firewall versions include Gen 5, Gen 6, and Gen 7, with updates available for each affected version.
– For Gen 7 products, the issue could not be reproduced on firmware versions higher than 7.0.1-5035, but users are still advised to install the latest version.
– Although there is no mention of in-the-wild exploitation, it is important for customers to patch their SonicOS instances promptly, given previous instances of threat actors exploiting SonicWall product vulnerabilities.
– The report mentions a previous instance of sophisticated malware, believed to be of Chinese origin, being identified on a SonicWall appliance.
– Additionally, there have been reports of vulnerabilities in SonicWall’s GMS and Analytics products, as well as critical vulnerabilities in its firewall appliances.