SonicWall firewall is vulnerable to a critical severity flaw, which may allow attackers to gain unauthorized access to the devices. Tracked as CVE-2024-40766, the vulnerability has a CVSS score of 9.3.
SonicOS runs on SonicWall network security appliances (firewalls) and provides a web management interface for configuring features, policies, security services, and more.
A quick search revealed more than 15,000 targets on Fofa at the time of writing.
Image Source: Fofa
Vulnerability Details
SonicWall described the vulnerability as an improper access control one. Improper access control is a vulnerability that occurs when a system doesn’t properly restrict access to resources, allowing unauthorized users to access systems or data they shouldn’t have access to.
CVE-2024-40766 exists in the SonicOS management access. On successful exploitation, an attacker may gain unauthorized resource access. In specific conditions, the vulnerability may cause the firewall to crash.
Affected Platforms and Versions
| Impacted Platforms | Impacted Versions |
| SOHO (Gen 5) | 5.9.2.14-12o and older versions |
| Gen6 Firewals -SOHOW, TZ 300, TZ 300W, TZ 400, TZ 400W, TZ 500, TZ 500W, TZ 600, NSA 2650, NSA 3600, NSA 3650, NSA 4600, NSA 4650, NSA 5600, NSA 5650, NSA 6600, NSA 6650, SM 9200, SM 9250, SM 9400, SM 9450, SM 9600, SM 9650, TZ 300P, TZ 600P, SOHO 250, SOHO 250W, TZ 350, TZ 350W | 6.5.4.14-109n and older versions |
| Gen7 Firewalls – TZ270, TZ270W, TZ370, TZ370W, TZ470, TZ470W, TZ570, TZ570W, TZ570P, TZ670, NSa 2700, NSa 3700, NSa 4700, NSa 5700, NSa 6700, NSsp 10700, NSsp 11700, NSsp 13700 | SonicOS build version 7.0.1-5035 and older versions. However, SonicWall recommends installing the latest firmware. |
Mitigation
| Fixed Platforms | Fixed Versions |
| SOHO (Gen 5) | 5.9.2.14-13o |
| Gen6 Firewalls -SOHOW, TZ 300, TZ 300W, TZ 400, TZ 400W, TZ 500, TZ 500W, TZ 600, NSA 2650, NSA 3600, NSA 3650, NSA 4600, NSA 4650, NSA 5600, NSA 5650, NSA 6600, NSA 6650, SM 9200, SM 9250, SM 9400, SM 9450, SM 9600, SM 9650, TZ 300P, TZ 600P, SOHO 250, SOHO 250W, TZ 350, TZ 350W | 6.5.2.8-2n (for SM9800, NSsp 12400, NSsp 12800) 6.5.4.15.116n (for other Gen6 Firewall appliances) |
| Gen7 Firewalls – TZ270, TZ270W, TZ370, TZ370W, TZ470, TZ470W, TZ570, TZ570W, TZ570P, TZ670, NSa 2700, NSa 3700, NSa 4700, NSa 5700, NSa 6700, NSsp 10700, NSsp 11700, NSsp 13700 | This vulnerability is not reproducible in SonicOS firmware version higher than 7.0.1-5035. However, SonicWall recommends installing the latest firmware. |
For more information, please refer to the SonicWall Security Advisory.
Workaround
To minimize potential impact, please restrict firewall management access to trusted sources or restrict firewall WAN management access from Internet sources.
For more information, please refer to the SonicWall Document.
Qualys Detection
Qualys customers can scan their devices with QID 731723 to detect vulnerable assets.
Please continue to follow Qualys Threat Protection for more coverage of the latest vulnerabilities.
References
https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2024-0015
