Article Details

SonicWall SSLVPN access control flaw is now exploited in attacks. SonicWall is warning that a recently fixed access control flaw tracked as CVE-2024-40766 in SonicOS is now "potentially" exploited in attacks, urging admins to apply patches as soon as possible. "This vulnerability is potentially being exploited in the wild. Please apply the patch as soon as possible for affected products. The latest patch builds are available for download on mysonicwall.com," warns the updated SonicWall advisory. CVE-2024-40766 is a critical (CVSS v3 score: 9.3) access control flaw impacting SonicWall Firewall Gen 5 and Gen 6 devices, as well as Gen 7 devices. The software vendor did not disclose much information about the flaw other than its potential for unauthorized resource access and ability to crash the firewall, thus eliminating network protections. When SonicWall first disclosed the flaw on August 22, 2024, the flaw was only believed to be in the SonicWall SonicOS management access. With today's update, the company is warning that CVE-2024-40766 also impacts the firewall's SSLVPN feature. Apply patches as soon as possible The list of impacted products and versions, as well as the releases that address CVE-2024-40766, are summarized as follows: The latest mitigation recommendations by SonicWall include: While SonicWall has not shared how the flaw is being actively exploited, similar flaws have been used in the past to gain initial access to corporate networks. Threat actors commonly target SonicWall as they are exposed to the internet to provide remote VPN access. In March 2023, suspected Chinese hackers (UNC4540) targeted unpatched SonicWall Secure Mobile Access (SMA) devices to install custom malware that persisted through firmware upgrades. BleepingComputer contacted SonicWall to learn more about how the flaw is being actively exploited in attacks, but a response was not immediately available.