SonicWall Vulnerability

Prepared by: Craig Taylor

Date: September 6, 2024

SonicWall initially published advisory SNWLID-2024-0015 on 8-22-2024 regarding an access control vulnerability. In the past week, SonicWall has addressed this critical vulnerability in its next-gen firewalls. This vulnerability, identified as CVE-2024-40766, could allow remote attackers unauthorized access to resources and, under certain conditions, cause the firewalls to crash. The vulnerability has been given a high severity score of 9.3.

This issue affects SonicWall Firewall Gen 5 and Gen 6 devices, as well as Gen 7 devices running SonicOS 7.0.1-5035 and older versions. The issue has been addressed in versions: SOHO (Gen 5 Firewalls) – 5.9.2.14-13o and Gen 6 Firewalls – 6.5.2.8-2n (for SM9800, NSsp 12400, and NSsp 12800) and 6.5.4.15.116n (for other Gen 6 Firewall appliances).

SonicWall has released patches to fix this issue, and it’s crucial for users to update their systems to mitigate potential risks. This vulnerability highlights the importance of keeping security systems up to date to protect against unauthorized access and potential disruptions.

Additional Info:

Last year, Google-owned Mandiant revealed that a suspected China-nexus threat actor tracked as UNC4540 targeted unpatched SonicWall Secure Mobile Access (SMA) 100 appliances to drop Tiny SHell and establish long-term persistence.

Various China-linked activity clusters have increasingly shifted operations to focus on edge infrastructure to breach targets and maintain remote access without attracting any attention.

This includes an intrusion set dubbed Velvet Ant that was recently discovered leveraging a zero-day exploit against Cisco Switch appliances to propagate a new malware called VELVETSHELL, a hybrid customized version of Tiny SHell and 3proxy.