SonicWall has released security fixes to address a critical vulnerability impacting its firewalls. This vulnerability could provide malicious actors access to the devices without authorization if it is exploited.
The vulnerability is classified as an improper access control flaw and is tracked as CVE-2024-40766 (CVSS score: 9.3).
“An improper access control vulnerability has been identified in the SonicWall SonicOS management access, potentially leading to unauthorized resource access and, in specific conditions, causing the firewall to crash,” the company stated in an alert issued last week.
“This issue affects SonicWall Firewall Gen 5 and Gen 6 devices, as well as Gen 7 devices running SonicOS 7.0.1-5035 and older versions.”
The following versions have addressed the issue:
Gen 6 Firewalls: 6.5.2.8-2n (for SM9800, NSsp 12400, and NSsp 12800) and 6.5.4.15.116n (for additional Gen 6 Firewall appliances)
SOHO (Gen 5 Firewalls): 5.9.2.14-13o
SonicWall stated that the vulnerability cannot be reproduced in SonicOS firmware versions higher than 7.0.1-5035, although it still advises customers to upgrade to the most recent firmware.
The networking equipment vendor does not mention the vulnerability being exploited in the wild. Even so, users should apply the fixes immediately to protect themselves.
Users who cannot deploy the patch right away should disable firewall WAN management access from the internet or restrict firewall management access to trusted sources.
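The version thresholds and the interim mitigation above can be turned into a quick inventory triage. The following is an added example, not code from SonicWall or from this article; the inventory format, the `wan_mgmt` field, the sample hosts and the rule that builds order by their numeric fields are assumptions.

```python
import re

# Thresholds as listed in the article; everything else is an assumption.
GEN5_FIXED = "5.9.2.14-13o"
GEN6_FIXED_LARGE = "6.5.2.8-2n"      # SM9800, NSsp 12400, NSsp 12800
GEN6_FIXED_OTHER = "6.5.4.15.116n"   # additional Gen 6 appliances
GEN7_LAST_AFFECTED = "7.0.1-5035"
GEN6_LARGE_MODELS = {"SM9800", "NSSP 12400", "NSSP 12800"}


def build_key(version):
    # Assumption: builds order by their integer fields; the trailing
    # letter ("n", "o") and the separator ("-" or ".") are ignored.
    nums = tuple(int(n) for n in re.findall(r"\d+", version))
    if len(nums) < 3:
        raise ValueError(f"unrecognised SonicOS version: {version!r}")
    return nums


def classify(model, version):
    """Return 'affected', 'ok' or 'unknown' for one appliance."""
    key = build_key(version)
    if key[0] == 5:
        return "affected" if key < build_key(GEN5_FIXED) else "ok"
    if key[0] == 6:
        large = model.strip().upper() in GEN6_LARGE_MODELS
        fixed = GEN6_FIXED_LARGE if large else GEN6_FIXED_OTHER
        return "affected" if key < build_key(fixed) else "ok"
    if key[0] == 7:
        return "affected" if key <= build_key(GEN7_LAST_AFFECTED) else "ok"
    return "unknown"


def triage(inventory):
    """Affected hosts, with WAN-management-enabled devices listed first."""
    hits = [d for d in inventory
            if classify(d["model"], d["version"]) == "affected"]
    return [d["host"] for d in sorted(hits, key=lambda d: not d["wan_mgmt"])]


# Constructed inventory: hosts, versions and exposure flags are made up.
INVENTORY = [
    {"host": "fw-branch-01", "model": "TZ 400", "version": "6.5.4.14-109n", "wan_mgmt": False},
    {"host": "fw-dc-01", "model": "NSsp 12400", "version": "6.5.2.8-2n", "wan_mgmt": True},
    {"host": "fw-edge-02", "model": "NSa 2700", "version": "7.0.1-5035", "wan_mgmt": True},
    {"host": "fw-edge-03", "model": "NSa 2700", "version": "7.0.1-5161", "wan_mgmt": True},
    {"host": "fw-soho-01", "model": "SOHO", "version": "5.9.2.14-12o", "wan_mgmt": False},
]

if __name__ == "__main__":
    print(triage(INVENTORY))
```

Devices that come back as affected and still have WAN management enabled are the ones to patch or restrict first.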
Last year, Google-owned Mandiant reported that a suspected China-nexus threat actor, UNC4540, had targeted an unpatched SonicWall Secure Mobile Access (SMA) 100 appliance. The threat actor’s goal was to drop Tiny Shell and establish long-term persistence.
A number of China-linked activity clusters have increasingly shifted their operations toward edge infrastructure, using it to breach targets and maintain remote access while evading detection.
Among these is an intrusion set known as Velvet Ant, which was uncovered recently. It used a zero-day exploit against Cisco Switch appliances to deploy a new piece of malware known as VELVETSHELL, a customized hybrid of Tiny SHELL and 3proxy.