SonicWall warns of critical access control flaw in SonicOS

SonicWall’s SonicOS is vulnerable to a critical access control flaw that could allow attackers to gain access unauthorized access to resources or cause the firewall to crash.

The flaw has received the identifier CVE-2024-40766 and a severity score of 9.3 according to the CVSS v3 standard, based on its network-based attack vector, low complexity, no authentication, and no user interaction requirements.

“An improper access control vulnerability has been identified in the SonicWall SonicOS management access, potentially leading to unauthorized resource access and in specific conditions, causing the firewall to crash,” reads SonicWall’s bulletin.

“This issue affects SonicWall Firewall Gen 5 and Gen 6 devices, as well as Gen 7 devices running SonicOS 7.0.1-5035 and older versions.”

Specific models impacted are:

Gen 5: SOHO devices running version 5.9.2.14-12o and older
Gen 6: Various TZ, NSA, and SM models running versions 6.5.4.14-109n and older
Gen 7: TZ and NSA models running SonicOS build version 7.0.1-5035 and older

**Models impacted by CVE-2024-40766**
*Source: SonicWall*

It is recommended that system administrators move to the below versions, which address CVE-2024-40766:

For Gen 5: Version 5.9.2.14-13o
For Gen 6: Version 6.5.4.15.116n
For SM9800, NSsp 12400, and NSsp 12800, version 6.5.2.8-2n is safe
For Gen 7: Any SonicOS firmware version higher than 7.0.1-5035

The security updates have been made available for download through mysonicwall.com.

Those who cannot apply the fixes immediately are recommended to restrict firewall management access to trusted sources or disable WAN management access from the internet. More information on how to do this can be found on SonicWall’s help page.

SonicWall firewalls are widely used in a broad range of mission-critical industries and corporate environments and are commonly targeted by threat actors to gain initial access to corporate networks.

In March 2023, suspected Chinese hackers tracked as UNC4540 attacked SonicWall Secure Mobile Access (SMA) appliances with custom malware that could persist through firmware upgrades.

The US Cybersecurity & Infrastructure Security Agency (CISA) has warned about active exploitation of flaws impacting SonicWall appliances since 2022.

Leave a Comment Cancel Reply

London, GB

11:42 pm, Mar 26, 2025

9°C

L: 7° | H: 10°

Feels like 7°C° clear sky

Humidity: 81 %

Pressure: 1024 mb

Wind: 5 mph SW

Wind Gust: 0 mph

UV Index: 0

Precipitation: 0 mm

Clouds: 9%

Rain Chance: 0%

Visibility: 10 km

Sunrise: 5:49 am

Sunset: 6:22 pm

DailyHourly

Daily ForecastHourly Forecast

Tomorrow 9:00 pm

7° | 10°°C 0 mm 0% 9 mph 88 % 1024 mb 0 mm/h

Fri Mar 28 9:00 pm

7° | 11°°C 1 mm 100% 12 mph 91 % 1015 mb 0 mm/h

Sat Mar 29 9:00 pm

4° | 12°°C 0 mm 0% 10 mph 81 % 1025 mb 0 mm/h

Sun Mar 30 9:00 pm

5° | 14°°C 0 mm 0% 8 mph 76 % 1029 mb 0 mm/h

Mon Mar 31 9:00 pm

9° | 17°°C 0 mm 0% 4 mph 84 % 1030 mb 0 mm/h

Tomorrow 12:00 am

9° | 10°°C 0 mm 0% 4 mph 80 % 1024 mb 0 mm/h

Tomorrow 3:00 am

9° | 9°°C 0 mm 0% 4 mph 84 % 1024 mb 0 mm/h

Tomorrow 6:00 am

8° | 8°°C 0 mm 0% 4 mph 88 % 1023 mb 0 mm/h

Tomorrow 9:00 am

11° | 11°°C 0 mm 0% 6 mph 68 % 1023 mb 0 mm/h

Tomorrow 12:00 pm

16° | 16°°C 0 mm 0% 7 mph 50 % 1020 mb 0 mm/h

Tomorrow 3:00 pm

17° | 17°°C 0 mm 0% 9 mph 45 % 1018 mb 0 mm/h

Tomorrow 6:00 pm

15° | 15°°C 0 mm 0% 8 mph 61 % 1017 mb 0 mm/h

Tomorrow 9:00 pm

11° | 11°°C 0 mm 0% 8 mph 76 % 1017 mb 0 mm/h

Name	Price	24H (%)
Bitcoin(BTC)	€80,853.27	-0.70%
Ethereum(ETH)	€1,865.66	-2.88%
Tether(USDT)	€0.93	-0.01%
XRP(XRP)	€2.18	-4.28%
Solana(SOL)	€127.28	-4.92%
USDC(USDC)	€0.93	0.00%
Dogecoin(DOGE)	€0.181418	2.53%
Shiba Inu(SHIB)	€0.000013	2.86%
Pepe(PEPE)	€0.000008	6.62%
Peanut the Squirrel(PNUT)	€0.214428	7.85%

SonicWall warns of critical access control flaw in SonicOS

Share:

Leave a Comment Cancel Reply

Utility link

Useful link

Newsletter

Follow Us