Subj : SonicWall patches critical firewall security flaw To : All From : TechnologyDaily Date : Tue Aug 27 2024 16:45:05 SonicWall patches critical firewall security flaw Date: Tue, 27 Aug 2024 15:40:00 +0000 Description: The bug allowed for unauthorized resource access, SonicWall said. FULL STORY ====================================================================== SonicWall has patched a critical vulnerability in its firewall service which could have allowed crooks to access the underlying device. The company released a patch and a follow-up advisory, in which it explained discovering, and fixing, an improper access control bug. The flaw is tracked as CVE-2024-40766, and carries a severity score of 9.3, which makes it critical. "An improper access control vulnerability has been identified in the SonicWall SonicOS management access, potentially leading to unauthorized resource access and in specific conditions, causing the firewall to crash," the advisory reads. Patches and workarounds The company further explained that SonicWall Firewall Gen 5 and Gen 6 devices are affected by this bug. Gen 7 devices are also vulnerable, albeit those running SonicOS 7.0.1-5035 and older. To secure the endpoints from potential break-ins, users should update their firewalls to these versions: SOHO (Gen 5 Firewalls) - 5.9.2.14-13o Gen 6 Firewalls - 6.5.2.8-2n (for SM9800, NSsp 12400, and NSsp 12800) and 6.5.4.15.116n (for other Gen 6 Firewall appliances) The company said that the devices running SonicOS firmware version higher than 7.9.1-5035 should be safe, since the bug cannot be reproduced. However, installing the latest firmware is recommended. Those who are unable to install the patch should go for the workaround, which includes restricting firewall management access to only the people they trust. Alternatively, they can disable firewall WAN management access from all internet sources, too. So far, there were no reports of in-the-wild abuse. However, if history is any teacher, now with the patch released and knowledge of the bug available, its only a matter of time before crooks start scanning the internet for vulnerable endpoints. Previously, SonicWalls solutions were targeted by Chinese state-sponsored hackers, who devised a piece of malware that was even capable of surviving firmware updates. Via The Hacker News More from TechRadar Pro SonicWall is being attacked by some very persistent malware Here's a list of the best firewall software around today These are the best endpoint security tools right now ====================================================================== Link to news story: https://www.techradar.com/pro/security/sonicwall-patches-critical-security-fla w-in-its-firewall --- Mystic BBS v1.12 A47 (Linux/64) * Origin: tqwNet Technology News (1337:1/100) .