Arctic Wolf Security Bulletin

CVE-2024-40766: Critical Improper Access Control Vulnerability Impacting SonicOS

On 22 August 2024, SonicWall published a security advisory regarding a critical improper access control vulnerability in several SonicWall Firewall models. This vulnerability, identified as CVE-2024-40766, is a flaw in SonicOS, the operating system that powers these firewalls. CVE-2024-40766 allows a remote, unauthenticated attacker to gain unauthorised access to resources and/or cause the firewall to crash under specific conditions. 

Arctic Wolf has not observed any exploitation of this vulnerability in the wild, and there are no known published Proof of Concept (PoC) exploits at this time. SonicWall firewalls, widely used in corporate environments, have frequently been targeted by threat actors, as noted in CISA’s Known Exploited Vulnerabilities Catalog. Given this history and the potential access this new vulnerability could provide, it is likely to be targeted by threat actors in the near future. 

Recommendation for CVE-2024-40766

Upgrade to Latest Fixed Version 

Arctic Wolf strongly recommends that customers upgrade to the latest fixed version. 

Product: SonicWall Firewall

Affected Platform: SOHO (Gen 5)
Fixed Version: 5.9.2.14-13o

Affected Platform: Gen6 Firewalls - SOHOW, TZ 300, TZ 300W, TZ 400, TZ 400W, TZ 500, TZ 500W, TZ 600, NSA 2650, NSA 3600, NSA 3650, NSA 4600, NSA 4650, NSA 5600, NSA 5650, NSA 6600, NSA 6650, SM 9200, SM 9250, SM 9400, SM 9450, SM 9600, SM 9650, TZ 300P, TZ 600P, SOHO 250, SOHO 250W, TZ 350, TZ 350W
Fixed Version:
  • 6.5.2.8-2n (for SM9800, NSsp 12400, NSsp 12800)
  • 6.5.4.15.116n (for other Gen6 Firewall appliances)

Affected Platform: Gen7 Firewalls – TZ270, TZ270W, TZ370, TZ370W, TZ470, TZ470W, TZ570, TZ570W, TZ570P, TZ670, NSa 2700, NSa 3700, NSa 4700, NSa 5700, NSa 6700, NSsp 10700, NSsp 11700, NSsp 1370
Fixed Version: While this vulnerability has not been reproduced in SonicOS firmware versions higher than 7.0.1-5035, SonicWall still recommends installing the latest firmware.

Please follow your organisation’s patching and testing guidelines to avoid any operational impact. 
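
To check a firewall inventory against the fixed versions listed above, a triage script like the following can help. It is an added example, not code from Arctic Wolf or SonicWall. The assumptions are its own: the firmware's leading number selects the generation, Gen7 builds at or below 7.0.1-5035 are treated as needing an upgrade, and version strings are compared by their integer runs. The inventory and the status labels are constructed.

```python
import re

# Version values copied from the bulletin's table; the dict keys are labels made up here.
FIXED = {
    "gen5": "5.9.2.14-13o",
    "gen6_high_end": "6.5.2.8-2n",   # SM9800, NSsp 12400, NSsp 12800
    "gen6_other": "6.5.4.15.116n",   # other Gen6 Firewall appliances
}
GEN7_NOT_REPRODUCED_ABOVE = "7.0.1-5035"
GEN6_HIGH_END = {"SM9800", "NSSP12400", "NSSP12800"}


def version_key(version):
    """Integer runs of a version string as a tuple; separators and the
    trailing build letter are ignored (assumption about the format)."""
    return tuple(int(n) for n in re.findall(r"\d+", version))


def triage(model, firmware):
    """Return 'upgrade', 'ok', 'install-latest' or 'unknown' for one device."""
    key = version_key(firmware)
    if not key:
        return "unknown"
    if key[0] == 7:
        # Gen7: the bulletin gives no fixed build, only the reproduction ceiling.
        if key <= version_key(GEN7_NOT_REPRODUCED_ABOVE):
            return "upgrade"
        return "install-latest"
    if key[0] == 6:
        norm = re.sub(r"\s+", "", model).upper()
        fixed = FIXED["gen6_high_end" if norm in GEN6_HIGH_END else "gen6_other"]
    elif key[0] == 5:
        fixed = FIXED["gen5"]
    else:
        return "unknown"
    return "ok" if key >= version_key(fixed) else "upgrade"


# Constructed inventory (model, running firmware); not real device data.
INVENTORY = [
    ("SOHO", "5.9.2.14-12o"),
    ("TZ 400", "6.5.4.15-116n"),
    ("NSsp 12800", "6.5.2.7-1n"),
    ("TZ 270", "7.0.1-5035"),
    ("NSa 2700", "7.0.1-5161"),
    ("TZ 600", "not reported"),
]

if __name__ == "__main__":
    for model, firmware in INVENTORY:
        print(f"{model:12} {firmware:16} {triage(model, firmware)}")
```

Devices that come back as "unknown" need a manual check, since a missing or unparsable firmware string says nothing about patch state.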

Workaround (Optional) 

For users unable to patch immediately, SonicWall recommends restricting firewall management access to trusted sources or disabling WAN management access from the internet. Detailed guidance on restricting SonicOS admin access can be found in their guide. Arctic Wolf strongly encourages applying the latest patch as soon as possible, which is available for download on mysonicwall.com. 
