Vulnerability Management, Patch/Configuration Management

Critical SonicWall SonicOS vulnerability fixed

Updates have been issued by SonicWall to patch a critical improper access control vulnerability in the SonicOS software used by several of its firewalls, tracked as CVE-2024-40766, which could be leveraged to facilitate unauthorized device access, The Hacker News reports.

Attackers could exploit the issue — which affects SonicWall Firewall Gen 5 and Gen 6 devices, as well as Gen 7 firewalls with SonicOS 7.0.1-5035 and older iterations — to achieve "unauthorized resource access and in specific conditions, causing the firewall to crash," said SonicWall in an advisory. Aside from urging the immediate application of the patch, SonicWall also recommended the usage of the latest firmware in devices running on SonicOS firmware higher than 7.0.1-5035, while advising firewall management access and firewall WAN management access restrictions for those that cannot promptly address their vulnerable firewalls. Such a development comes just days after China-linked threat operation Velvet Ant was reported to have exploited a Cisco Switch zero-day to facilitate the deployment of the novel VELVETSHELL malware.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms of Use and Privacy Policy.

You can skip this ad in 5 seconds