SonicWall warns of critical access control flaw in SonicOS

Share:

SonicWall’s SonicOS is vulnerable to a critical access control flaw that could allow attackers to gain access unauthorized access to resources or cause the firewall to crash.

The flaw has received the identifier CVE-2024-40766 and a severity score of 9.3 according to the CVSS v3 standard, based on its network-based attack vector, low complexity, no authentication, and no user interaction requirements.

“An improper access control vulnerability has been identified in the SonicWall SonicOS management access, potentially leading to unauthorized resource access and in specific conditions, causing the firewall to crash,” reads SonicWall’s bulletin.

“This issue affects SonicWall Firewall Gen 5 and Gen 6 devices, as well as Gen 7 devices running SonicOS 7.0.1-5035 and older versions.”

Specific models impacted are:

  • Gen 5: SOHO devices running version 5.9.2.14-12o and older
  • Gen 6: Various TZ, NSA, and SM models running versions 6.5.4.14-109n and older
  • Gen 7: TZ and NSA models running SonicOS build version 7.0.1-5035 and older
Models impacted by CVE-2024-40766
Models impacted by CVE-2024-40766
Source: SonicWall

It is recommended that system administrators move to the below versions, which address CVE-2024-40766:

  • For Gen 5: Version 5.9.2.14-13o
  • For Gen 6: Version 6.5.4.15.116n
  • For SM9800, NSsp 12400, and NSsp 12800, version 6.5.2.8-2n is safe
  • For Gen 7: Any SonicOS firmware version higher than 7.0.1-5035

The security updates have been made available for download through mysonicwall.com.

Those who cannot apply the fixes immediately are recommended to restrict firewall management access to trusted sources or disable WAN management access from the internet. More information on how to do this can be found on SonicWall’s help page.

SonicWall firewalls are widely used in a broad range of mission-critical industries and corporate environments and are commonly targeted by threat actors to gain initial access to corporate networks.

In March 2023, suspected Chinese hackers tracked as UNC4540 attacked SonicWall Secure Mobile Access (SMA) appliances with custom malware that could persist through firmware upgrades.

The US Cybersecurity & Infrastructure Security Agency (CISA) has warned about active exploitation of flaws impacting SonicWall appliances since 2022.

Leave a Comment

Your email address will not be published. Required fields are marked *

loader-image
London, GB
11:54 am, Jul 11, 2025
weather icon 29°C
L: 27° | H: 31°
few clouds
Humidity: 44 %
Pressure: 1020 mb
Wind: 7 mph E
Wind Gust: 0 mph
UV Index: 0
Precipitation: 0 mm
Clouds: 13%
Rain Chance: 0%
Visibility: 10 km
Sunrise: 4:56 am
Sunset: 9:15 pm
DailyHourly
Daily ForecastHourly Forecast
Today 10:00 pm
weather icon
27° | 31°°C 0 mm 0% 8 mph 47 % 1020 mb 0 mm/h
Tomorrow 10:00 pm
weather icon
18° | 30°°C 0 mm 0% 9 mph 65 % 1018 mb 0 mm/h
Sun Jul 13 10:00 pm
weather icon
17° | 27°°C 0 mm 0% 7 mph 73 % 1014 mb 0 mm/h
Mon Jul 14 10:00 pm
weather icon
20° | 29°°C 0 mm 0% 14 mph 71 % 1017 mb 0 mm/h
Tue Jul 15 10:00 pm
weather icon
15° | 27°°C 0 mm 0% 13 mph 71 % 1021 mb 0 mm/h
Today 1:00 pm
weather icon
29° | 29°°C 0 mm 0% 3 mph 44 % 1020 mb 0 mm/h
Today 4:00 pm
weather icon
29° | 31°°C 0 mm 0% 5 mph 39 % 1019 mb 0 mm/h
Today 7:00 pm
weather icon
28° | 28°°C 0 mm 0% 5 mph 33 % 1018 mb 0 mm/h
Today 10:00 pm
weather icon
22° | 22°°C 0 mm 0% 8 mph 47 % 1019 mb 0 mm/h
Tomorrow 1:00 am
weather icon
18° | 18°°C 0 mm 0% 4 mph 55 % 1018 mb 0 mm/h
Tomorrow 4:00 am
weather icon
19° | 19°°C 0 mm 0% 4 mph 65 % 1018 mb 0 mm/h
Tomorrow 7:00 am
weather icon
19° | 19°°C 0 mm 0% 6 mph 64 % 1018 mb 0 mm/h
Tomorrow 10:00 am
weather icon
24° | 24°°C 0 mm 0% 6 mph 45 % 1017 mb 0 mm/h
Name Price24H (%)
Bitcoin(BTC)
€100,951.88
6.41%
Ethereum(ETH)
€2,570.45
8.07%
Tether(USDT)
€0.85
0.01%
XRP(XRP)
€2.26
8.40%
Solana(SOL)
€140.95
4.52%
USDC(USDC)
€0.85
0.00%
Dogecoin(DOGE)
€0.170470
10.12%
Shiba Inu(SHIB)
€0.000012
7.69%
Pepe(PEPE)
€0.000011
15.18%
Peanut the Squirrel(PNUT)
€0.250006
20.15%
Scroll to Top