Patch now! Attackers are targeting Sonicwall firewalls
It is now clear that a vulnerability affects not only SonicOS, but also the SSLVPN function. Security updates are available.
Due to current attacks, network admins should update their Sonicwall firewalls immediately and change passwords of SSLVPN users. If this is not done, attackers can cause firewalls to crash.
Firewall protection compromised
The "critical" vulnerability (CVE-2024-40766) has been known since the end of August 2024. The manufacturer has now revised its warning message and warns that the vulnerability is being actively exploited to attack devices. In addition to SonicOS, the vulnerability also affects the SSLVPN component, the developers explain.
Because access controls do not work reliably, attackers can gain access in an unspecified way, launch a DoS attack and thus take firewalls out of service. Devices from the Gen5, Gen6 and Gen7 series up to and including firmware versions 5.9.2.14-12o, 6.5.4.14-109n and 7.0.1-5035 are affected.
Sonicwall states that it has closed the vulnerability in the following releases:
- 5.9.2.14-13o
- 6.5.2.8-2n (for SM9800, NSsp 12400, NSsp 12800)
- 6.5.4.15.116n (for other Gen6 firewall appliances)
- Firmware versions newer than 7.0.1-5035
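An added example (not Sonicwall's or the article's own code): a small inventory check that compares firmware strings against the affected and fixed releases listed above. The hostnames, models and versions in the sample inventory are constructed, and treating every build older than 6.5.2.8-2n on the three named Gen6 models as affected is an assumption.

```python
import re

# Highest affected firmware per generation, as stated in the article.
LAST_AFFECTED = {5: "5.9.2.14-12o", 6: "6.5.4.14-109n", 7: "7.0.1-5035"}
# Gen6 models that get their own fixed release, as listed in the article.
GEN6_SPECIAL_MODELS = {"SM9800", "NSSP 12400", "NSSP 12800"}
GEN6_SPECIAL_FIXED = "6.5.2.8-2n"


def parse_version(text):
    """Turn '6.5.4.14-109n' into (6, 5, 4, 14, 109); '.' and '-' both separate fields."""
    numbers = []
    for part in re.split(r"[.-]", text.strip()):
        match = re.fullmatch(r"(\d+)[a-z]?", part, re.IGNORECASE)
        if not match:
            raise ValueError(f"unrecognized firmware version: {text!r}")
        numbers.append(int(match.group(1)))
    return tuple(numbers)


def needs_update(model, firmware):
    """Return True if the device runs a release the article lists as affected."""
    version = parse_version(firmware)
    generation = version[0]
    if generation not in LAST_AFFECTED:
        raise ValueError(f"generation {generation} is not covered by the article")
    if generation == 6 and model.upper() in GEN6_SPECIAL_MODELS:
        # Assumption: on these models, anything older than the fixed build is affected.
        return version < parse_version(GEN6_SPECIAL_FIXED)
    return version <= parse_version(LAST_AFFECTED[generation])


# Constructed sample inventory (hostnames, models and versions are made up).
INVENTORY = [
    ("fw-branch-01", "TZ 400", "6.5.4.14-109n"),
    ("fw-core-01", "NSsp 12400", "6.5.2.8-2n"),
    ("fw-lab-01", "NSA 2700", "7.0.1-5035"),
    ("fw-hq-01", "NSA 2700", "7.0.1-5161"),
]


def audit(inventory):
    """Return the hosts that still need the firmware update."""
    return [host for host, model, fw in inventory if needs_update(model, fw)]


if __name__ == "__main__":
    for host in audit(INVENTORY):
        print(f"{host}: update firmware and change SSLVPN user passwords")
```

A version that passes this check only confirms the patch level; the password change and multi-factor authentication the article recommends still apply.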
Larger attack surface
As the manufacturer has now discovered, the vulnerability affects the SSLVPN feature in addition to SonicOS. As a result, admins should set up accounts immediately and ensure that SSLVPN users change their passwords. In addition, multi-factor authentication should be activated.
Sonicwall does not currently say how admins can recognize systems that have already been attacked. The warning message also lacks Indicators of Compromise (IoC), i.e. information on how to recognize a successful or attempted attack. The extent of the attacks is currently unknown.
(des)