SonicWall has released essential security updates to address a critical vulnerability in its firewall devices, which, if exploited, could allow malicious actors unauthorized access. The flaw, identified as CVE-2024-40766 with a CVSS score of 9.3, is described as an improper access control bug.
According to an advisory released by the company last week, the vulnerability affects SonicWall Firewall Gen 5 and Gen 6 devices, as well as Gen 7 devices running SonicOS version 7.0.1-5035 and older. The issue could potentially lead to unauthorized resource access and, in specific scenarios, cause the firewall to crash.
The vulnerability has been fixed in the following versions:
- SOHO (Gen 5 Firewalls): 5.9.2.14-13o
- Gen 6 Firewalls: 6.5.2.8-2n (for SM9800, NSsp 12400, and NSsp 12800) and 6.5.4.15.116n (for other Gen 6 Firewall appliances)
SonicWall emphasized that the vulnerability does not exist in SonicOS firmware versions higher than 7.0.1-5035 but strongly advises users to update to the latest firmware to ensure protection.
While there is no current evidence of this flaw being exploited in the wild, users are urged to apply the patches immediately to mitigate potential risks.
This comes after last year’s revelations by Google-owned Mandiant about a suspected China-nexus threat actor, UNC4540, targeting unpatched SonicWall Secure Mobile Access (SMA) 100 appliances. The actor used these vulnerabilities to deploy Tiny SHell malware and establish long-term persistence.
Additionally, China-linked activity clusters, such as the recently uncovered Velvet Ant group, have increasingly focused on exploiting edge infrastructure to maintain remote access without detection. Velvet Ant was found leveraging a zero-day exploit against Cisco Switch appliances to spread VELVETSHELL, a hybrid malware combining elements of Tiny SHell and 3proxy.