SonicWall has issued updates to patch a critical improper access control vulnerability, tracked as CVE-2024-40766, in the SonicOS software used by several of its firewalls; the flaw could be leveraged to gain unauthorized device access, The Hacker News reports.
Attackers could exploit the issue, which affects SonicWall Firewall Gen 5 and Gen 6 devices as well as Gen 7 firewalls running SonicOS 7.0.1-5035 and older, to achieve "unauthorized resource access and in specific conditions, causing the firewall to crash," SonicWall said in an advisory. Aside from urging immediate application of the patch, SonicWall also recommended that devices running SonicOS firmware newer than 7.0.1-5035 be updated to the latest firmware, and advised organizations that cannot promptly patch their vulnerable firewalls to restrict firewall management access and firewall WAN management access in the meantime. The development comes just days after the China-linked threat operation Velvet Ant was reported to have exploited a Cisco switch zero-day to deploy the novel VELVETSHELL malware.
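The affected-version statement above is the kind of thing a defender turns into an inventory triage check. The following Python is an added example written for this page, not code from SonicWall or The Hacker News: it encodes the affected set exactly as the advisory text states it (all Gen 5 and Gen 6 devices; Gen 7 devices on SonicOS 7.0.1-5035 and older), and ranks devices that are both affected and reachable for management from the WAN as the most urgent, mirroring the interim advice to restrict management access. The `major.minor.patch-build` version layout is an assumption taken from the advisory's own "7.0.1-5035" notation, and the inventory records are constructed sample data, not real devices.

```python
"""Triage a firewall inventory against the CVE-2024-40766 affected-version
statement: Gen 5 / Gen 6 affected outright, Gen 7 affected on SonicOS
7.0.1-5035 and older. Version layout 'major.minor.patch-build' is assumed
from the advisory's '7.0.1-5035' notation; inventory data is constructed."""
from dataclasses import dataclass
import re

VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)-(\d+)$")

# Last affected Gen 7 build named in the advisory text.
GEN7_LAST_AFFECTED = (7, 0, 1, 5035)


def parse_version(text):
    """Turn '7.0.1-5035' into the comparable tuple (7, 0, 1, 5035)."""
    m = VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised SonicOS version string: {text!r}")
    return tuple(int(x) for x in m.groups())


def is_affected(generation, version):
    """True if the device falls inside the affected set the advisory names."""
    if generation in (5, 6):
        return True  # every Gen 5 / Gen 6 device is listed as affected
    if generation == 7:
        return parse_version(version) <= GEN7_LAST_AFFECTED
    return False  # generation not covered by the advisory text


@dataclass
class Device:
    name: str
    generation: int
    version: str
    wan_mgmt_enabled: bool  # management interface reachable from the WAN side


def triage(devices):
    """Map each device name to 'patch-restrict', 'patch-now' or 'ok'.

    patch-restrict: affected and management exposed on the WAN, so the
                    interim access restriction applies as well as the patch.
    patch-now:      affected but management not WAN-exposed.
    ok:             outside the affected set as the advisory states it.
    """
    result = {}
    for d in devices:
        if not is_affected(d.generation, d.version):
            result[d.name] = "ok"
        elif d.wan_mgmt_enabled:
            result[d.name] = "patch-restrict"
        else:
            result[d.name] = "patch-now"
    return result


# Constructed sample inventory (hypothetical device names and versions).
SAMPLE_INVENTORY = [
    Device("edge-01", 7, "7.0.1-5035", True),    # last affected Gen 7 build
    Device("edge-02", 7, "7.0.1-5036", True),    # one build newer: not affected
    Device("branch-03", 6, "6.5.4-1000", False),  # Gen 6: affected regardless
    Device("lab-04", 7, "7.0.0-9999", False),    # older patch level: affected
]

if __name__ == "__main__":
    for name, verdict in triage(SAMPLE_INVENTORY).items():
        print(f"{name:10s} {verdict}")
```

The comparison is done on integer tuples rather than on the raw strings so that build 5036 sorts after 5035 and 7.0.0-9999 sorts before 7.0.1-5035; a plain string comparison would get both wrong.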