September 9, 2024
Severity
High
Analysis Summary
SonicWall has revealed that a critical vulnerability in SonicOS, tracked as CVE-2024-40766, may be under active exploitation. This vulnerability, which carries a CVSS score of 9.3, is a severe improper access control flaw affecting the SonicWall SonicOS management access and SSLVPN.
If successfully exploited, it could allow unauthorized resource access and under certain conditions cause the firewall to crash. Given the critical nature of this issue and the possibility that it is being actively exploited in the wild, SonicWall urges all users to apply the necessary patches immediately.
The vulnerability impacts a wide range of SonicWall devices, including SOHO (Gen 5 Firewalls), which should be updated to version 5.9.2.14-13o. For Gen 6 Firewalls, the issue is addressed in version 6.5.2.8-2n for specific models (SM9800, NSsp 12400, and NSsp 12800) and in version 6.5.4.15.116n for all other Gen 6 appliances. With the latest advisory update, SonicWall has emphasized that the flaw also affects the firewall's SSLVPN feature, further increasing the urgency to patch affected systems.
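Because the fixed build depends on both the firewall generation and, for Gen 6, the specific model, a flat "is the version new enough" check is easy to get wrong. The following is an added example (not SonicWall's code and not part of this advisory) that takes an inventory export and reports which devices still fall below the fixed versions quoted above. The fixed version strings come from the paragraph above; the version-ordering rule (numeric fields compared left to right, '.' and '-' treated as equivalent separators, then the trailing hotfix letter), the inventory field names, and all hostnames and versions in the sample are assumptions constructed for the demo.

```python
"""Added example: decide from an inventory export whether a SonicWall firewall
still needs the CVE-2024-40766 fix, using the fixed versions the advisory quotes.
ASSUMPTION: SonicOS versions order by numeric fields left to right, then by the
trailing hotfix letter (a missing letter sorts before 'a')."""
import re
from typing import Optional

# Fixed versions quoted in the advisory summary.
FIXED_GEN5 = "5.9.2.14-13o"
FIXED_GEN6_LARGE = "6.5.2.8-2n"        # SM9800, NSsp 12400, NSsp 12800
FIXED_GEN6_OTHER = "6.5.4.15.116n"     # all other Gen 6 appliances
GEN6_LARGE_MODELS = {"SM9800", "NSsp 12400", "NSsp 12800"}

# Accept "5.9.2.14-13o", "6.5.4.15.116n", "6.5.2.8-2n": numeric fields split by
# '.' or '-', with an optional single trailing hotfix letter.
_VERSION_RE = re.compile(r"^(\d+(?:[.-]\d+)*)([a-z])?$")


def parse_version(text: str) -> tuple[tuple[int, ...], str]:
    """Return (numeric fields, hotfix letter or '') so that tuple comparison
    gives the assumed SonicOS ordering. Raises ValueError on unknown formats."""
    m = _VERSION_RE.match(text.strip().lower())
    if not m:
        raise ValueError(f"unrecognised SonicOS version string: {text!r}")
    numbers = tuple(int(part) for part in re.split(r"[.-]", m.group(1)))
    return numbers, m.group(2) or ""


def fixed_version_for(generation: str, model: str) -> Optional[str]:
    """Map a device to the fixed version the advisory lists for it.
    Gen 7 is listed as affected but this page gives no version, so return None."""
    gen = generation.lower()
    if gen == "gen5":
        return FIXED_GEN5
    if gen == "gen6":
        return FIXED_GEN6_LARGE if model in GEN6_LARGE_MODELS else FIXED_GEN6_OTHER
    return None


def needs_patch(generation: str, model: str, running: str) -> Optional[bool]:
    """True if the running firmware is older than the fixed version, False if
    at or after it, None when this page gives no fixed version to compare."""
    fixed = fixed_version_for(generation, model)
    if fixed is None:
        return None
    return parse_version(running) < parse_version(fixed)


def assess(inventory: list[dict]) -> list[tuple[str, str]]:
    """Classify each inventory row. Unparsable versions are flagged rather than
    skipped: an unknown patch state is not a safe state."""
    report = []
    for dev in inventory:
        try:
            verdict = needs_patch(dev["generation"], dev["model"], dev["version"])
        except ValueError as exc:
            report.append((dev["host"], f"unparsable version: {exc}"))
            continue
        if verdict is None:
            status = "affected generation, no fixed version on this page: check vendor advisory"
        elif verdict:
            status = "PATCH REQUIRED"
        else:
            status = "at or above fixed version"
        report.append((dev["host"], status))
    return report


# Constructed sample inventory (hostnames, model labels and versions are made up).
SAMPLE_INVENTORY = [
    {"host": "fw-branch-1", "generation": "gen5", "model": "SOHO", "version": "5.9.2.14-13o"},
    {"host": "fw-branch-2", "generation": "gen5", "model": "SOHO", "version": "5.9.2.14-12n"},
    {"host": "fw-dc-1", "generation": "gen6", "model": "NSsp 12400", "version": "6.5.2.7-3a"},
    {"host": "fw-office-1", "generation": "gen6", "model": "other-gen6", "version": "6.5.4.15.116n"},
    {"host": "fw-edge-1", "generation": "gen7", "model": "gen7-appliance", "version": "7.0.1-5000"},
    {"host": "fw-lab-1", "generation": "gen6", "model": "other-gen6", "version": "unknown"},
]

if __name__ == "__main__":
    for host, status in assess(SAMPLE_INVENTORY):
        print(f"{host:14s} {status}")
```

The checker keys on model before comparing, because the two Gen 6 fixed builds sit on different release trains and a plain numeric comparison across trains would report a vulnerable large-model appliance as patched.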
As a precautionary measure, SonicWall recommends several temporary workarounds for users who cannot immediately apply the patch. For firewall management, access should be restricted to trusted sources, or WAN management should be disabled to limit exposure. For SSLVPN, users are advised to limit access to trusted sources or disable internet access entirely if necessary. These steps can help reduce the risk of exploitation while users work to implement the permanent fixes.
Additionally, SonicWall recommends enabling multi-factor authentication (MFA) for all SSLVPN users to further enhance security. For customers using GEN5 and GEN6 firewalls with SSLVPN and locally managed accounts, it is crucial to immediately update passwords to prevent unauthorized access. Although there are no specific details on how the flaw has been weaponized, this disclosure follows past incidents where Chinese threat actors exploited unpatched SonicWall Secure Mobile Access (SMA) 100 appliances to establish long-term persistence. This trend underscores the importance of prompt patching and implementing robust security measures to protect critical infrastructure from potential threats.
Impact
- Unauthorized Access
- Security Bypass
Indicators of Compromise
CVE
- CVE-2024-40766
Affected Vendors
- SonicWall
Affected Products
- SonicWall SonicOS - Gen6 Firewalls
- SonicWall SonicOS - Gen7 Firewalls
Remediation
- Refer to SonicWall Advisory for patch, upgrade, or suggested workaround information.
- Organizations must test their assets for the vulnerability mentioned above and apply the available security patch or mitigation steps as soon as possible.
- Implement multi-factor authentication to add an extra layer of security to login processes.
- Regularly monitor network activity for any unusual behavior, as this may indicate that a cyberattack is underway.
- Organizations must stay vigilant and follow best practices for cybersecurity to protect their systems and data from potential threats. This includes regularly updating software and implementing strong access controls and monitoring tools.
- Develop a comprehensive incident response plan to respond effectively in case of a security breach or data leakage.
- Maintain regular backups of critical data and systems to ensure data recovery in case of a security incident.
- Adhere to security best practices, including the principle of least privilege, and ensure that users and applications have only the necessary permissions.
- Establish a robust patch management process to ensure that security patches are evaluated, tested, and applied promptly.
- Conduct security audits and assessments to evaluate the overall security posture of your systems and networks.
- Implement network segmentation to contain and isolate potential threats to limit their impact on critical systems.