September 6, 2024

Recent critical SonicWall vulnerability ‘potentially’ exploited

SonicWall has advised that a recently discovered critical vulnerability in several of its firewalls that run SonicOS is ‘potentially’ being exploited.

The flaw, designated CVE-2024-40766, is described as an improper access control vulnerability that could potentially allow threat actors to access resources without authorization and/or cause the affected device to crash. SonicWall released a patch for CVE-2024-40766 in late August 2024, shortly after it was discovered.

Until now, SonicWall hasn’t provided any indication as to whether the vulnerability was being actively exploited or if proof-of-concept exploit code was publicly available. Today’s announcement indicates that SonicWall is aware of some exploitation, but the company is remaining tight-lipped about its extent.

Instead, SonicWall is advising impacted users to install the relevant updates as soon as possible. Users who can’t apply updates immediately are encouraged to restrict management access to the device to local, trusted sources.

Source: The Hacker News

Analysis

While it’s unclear what SonicWall means by ‘potentially’ exploited, Field Effect can confirm that we have seen increased targeting of SonicWall firewalls since CVE-2024-40766 was announced on August 23.

However, further investigation is required to determine if threat actors are specifically targeting CVE-2024-40766 or other, older, unpatched vulnerabilities. Traditionally, when vendors disclose critical vulnerabilities in edge devices, the disclosure draws threat actors’ attention toward the devices in general, and that could be what we have observed in relation to the SonicWall firewalls.

SonicWall firewalls are very popular among critical infrastructure industries and corporate environments and are thus frequently targeted by threat actors looking to obtain initial access into networks of interest. According to the Shadowserver Foundation, there are approximately 400,000 SonicWall deployments worldwide, representing a significant potential attack surface for threat actors who possess SonicWall exploits.

Mitigation

Field Effect’s Security Intelligence professionals constantly monitor the cyber threat landscape for vulnerabilities discovered in firewalls like SonicWall. Field Effect MDR users are automatically notified if vulnerable software is detected in their environment and are encouraged to review these AROs as quickly as possible via the Field Effect Portal.

Field Effect strongly recommends users of the affected SonicWall firewall versions update to the latest version as soon as possible, in accordance with the updated advisory.
