SonicWall fixes CVE-2024-40766 in SonicOS

SonicWall has released a patch for a critical vulnerability affecting SonicOS that could allow unauthorized access to SonicWall firewalls, potentially leading to complete system compromise.

The vulnerability, tracked as CVE-2024-40766 with a CVSS score of 8.6, stems from an improper access control issue in the SonicOS management interface. An attacker could exploit this flaw to gain unauthorized access to sensitive information or even execute arbitrary code on the affected device.

The vulnerability could also cause the firewall to crash, disrupting network connectivity and leaving organizations vulnerable to further attacks.

The vulnerability impacts a wide range of SonicWall firewall products, including Gen 5, Gen 6, and some Gen 7 devices running specific SonicOS versions.

SonicWall strongly recommends that organizations immediately apply the latest firmware updates available on the SonicWall portal.

As an immediate mitigation, SonicWall advises restricting firewall management access to trusted sources or disabling WAN management access from internet sources.
