Critical SonicWall Firewall Vulnerability Exploited in Ransomware Attacks
Summary
OEM | SonicWall |
Severity | Critical |
Date of Announcement | 2024-09-06 |
CVSS Score | 9.3 |
CVE | CVE-2024-40766 |
CWE | CWE-284 |
Exploited in Wild | Yes |
Patch/Remediation Available | Yes |
Advisory Version | 1.0 |
Overview
A critical vulnerability in SonicWall SonicOS management access and SSLVPN, tracked as CVE-2024-40766, has been identified and potentially exploited in ransomware attacks. The vulnerability affects SonicWall firewalls (Gen 5, Gen 6, and Gen 7) and involves improper access control, which could allow unauthorized resource access or trigger a firewall crash. The Akira and other ransomware group is suspected of using this flaw to gain initial access to compromised systems.
Vulnerability Name | CVE ID | Product Affected | Impact | CVSS Score |
SonicOS Improper Access Control Vulnerability | CVE-2024-40766 | SOHO (Gen 5), Gen7 Firewalls | Critical | 9.3 |
Technical Summary
CVE ID | System Affected | Vulnerability Details | Impact |
CVE-2024-40766 | Affects SonicWall Gen 5 and Gen 6 devices, as well as Gen 7 devices running SonicOS 7.0.1-5035 and older versions. | The SonicWall SSLVPN vulnerability (CVE-2024-40766) involves an improper access control issue within SonicOS, specifically targeting the management access and SSLVPN functionality of the firewall. This flaw allows an unauthenticated attacker to gain unauthorized access to critical resources or cause a firewall crash by bypassing security restrictions. | Potential unauthorized access to SonicWall firewalls, leading to resource exposure or system crashes. |
Remediation
SonicWall has released patches to address CVE-2024-40766. Organizations are urged to apply these patches immediately to mitigate the risk of exploitation.
Here is the below table for fixed Platforms with the impacted versions along with fixed versions:
Impacted Platform | Impacted Versions | Fixed Versions |
SOHO (Gen 5) | 5.9.2.14-12o and older versions | 5.9.2.14-13o |
Gen6 Firewalls | 6.5.4.14-109n and older versions | 6.5.2.8-2n (for SM9800, NSsp 12400, NSsp 12800) 6.5.4.15.116n (for other Gen6 Firewall appliances) |
Gen7 FirewallsGen7 Firewalls | SonicOS build version 7.0.1-5035 and older versions. However, SonicWall recommends you install the latest firmware. | This vulnerability is not reproducible in SonicOS firmware version higher than 7.0.1-5035. However, SonicWall recommends you install the latest firmware. |
General Recommendations:
- Limit management and SSLVPN access to trusted sources and disable WAN management portal internet access as an additional safeguard.
- SonicWall strongly advises that customers using GEN5 and GEN6 firewalls with SSLVPN users should update their credentials as a precaution.
- Enforce multi-factor authentication (MFA) for all SSLVPN users to reduce the risk of unauthorized access.
- Continuously monitor for signs of compromise, especially for abnormal activities related to SonicWall devices.
- Regularly monitor for suspicious login attempts from unusual locations or IP addresses, and block any that are identified.
- Additionally, if there is any unauthorized access to the SonicWall management interface, take steps to block those access points as well.