SonicWall SonicOS: Security vulnerability allows management interface access

IT researchers have discovered three security vulnerabilities in SonicWall's SonicOS firewall operating system. Attackers can potentially gain unauthorized access to the management interface under certain circumstances.

This is warned about by SonicWall in a security advisory. The most serious is a vulnerability that developers classify as weak authentication. This allows attackers to gain unauthorized access to specific, unmentioned management interface functions – under also unmentioned circumstances (CVE-2026-0204, CVSS 8.0, Risk “high”). Logged-in users can also exploit a path traversal vulnerability, allowing them to interact with services that are normally access-restricted (CVE-2026-0205, CVSS 6.8, Risk “medium”). Finally, SonicOS is vulnerable to a denial-of-service attack, as logged-in users can trigger a stack-based buffer overflow and thus crash the firewall (CVE-2026-0206, CVSS 4.9, Risk “medium”).

All three vulnerabilities were reported by CrowdStrike. They do not appear to be actively exploited yet; SonicWall provides no information on this.

Bug Fixes

SonicWall is patching these security vulnerabilities with versions 6.5.5.2-28n for Gen6 hardware firewalls, 7.3.2-7010 for Gen7 devices, and 8.2.0-8009 for Gen8 SonicOS firewalls. For firmware 6.5.5.2-28n, SonicWall notes that downgrading to previous firmware versions is not supported; attempting to do so risks deleting or resetting all LDAP users and MFA settings.

As a temporary workaround until the updates are applied, IT administrators using SonicWall firewalls and SSLVPNs can completely disable the management interface and switch off SSLVPN on all interfaces. They should then restrict management to SSH access.

However, administrators should act quickly. Security vulnerabilities in SonicWall firmware are highly sought after by cybercriminals; last December, they attacked a vulnerability in SMA1000 appliances.

(dmk)