The flaw can be exploited to gain unauthorized access, and in certain conditions, cause the company’s firewalls to crash.
The post SonicWall pushes patch for critical vulnerability in SonicOS platform appeared first on CyberScoop.
Network security company SonicWall has identified a critical vulnerability in its SonicOS platform that can be exploited to gain unauthorized access, and in certain conditions, cause the company’s firewalls to crash.
In a security advisory issued Thursday, the company gives the vulnerability (tracked as CVE-2024-40766) a CVSS score of 9.3. The related entry in the National Vulnerability Database does not have a score assigned as of this article’s publication.
SonicWall says the issue affects its Gen 5 and Gen 6 firewall devices, as well as Generation 7 firewall devices that are operating on SonicOS version 7.0.1-5035 and earlier.
A company representative told CyberScoop that all potential customers and partners have been notified, and patches have been released. Security teams can further reduce risk by limiting SonicOS access to trusted accounts, or turning off the ability to manage firewall devices over the internet.
In the past, threat actors have targeted unpatched SonicWall vulnerabilities for various schemes. In March 2023, Mandiant detected a suspected Chinese campaign using malware on unpatched SonicWall Secure Mobile Access (SMA) appliances to steal user credentials, provide shell access, and persist through firmware upgrades. The company has also warned in the past that unpatched security appliances have been targeted in attempted ransomware attacks.
Below is a list of the affected products:
PLATFORM | VERSION |
SOHO (Gen 5) | 5.9.2.14-13o |
Gen6 Firewalls - SOHOW, TZ 300, TZ 300W, TZ 400, TZ 400W, TZ 500, TZ 500W, TZ 600, NSA 2650, NSA 3600, NSA 3650, NSA 4600, NSA 4650, NSA 5600, NSA 5650, NSA 6600, NSA 6650, SM 9200, SM 9250, SM 9400, SM 9450, SM 9600, SM 9650, TZ 300P, TZ 600P, SOHO 250, SOHO 250W, TZ 350, TZ 350W | 6.5.2.8-2n (for SM9800, NSsp 12400, NSsp 12800); 6.5.4.15.116n (for other Gen6 Firewall appliances) |
Gen7 Firewalls - TZ270, TZ270W, TZ370, TZ370W, TZ470, TZ470W, TZ570, TZ570W, TZ570P, TZ670, NSa 2700, NSa 3700, NSa 4700, NSa 5700, NSa 6700, NSsp 10700, NSsp 11700, NSsp 13700 | This vulnerability is not reproducible in SonicOS firmware versions higher than 7.0.1-5035. However, SonicWall recommends you install the latest firmware. |
You can read the full SonicWall advisory in the company’s security information hub.
Source: CyberScoop
Source Link: https://cyberscoop.com/sonicwall-sonicos-firewall-cve-2024-40766/