SonicWall's SonicOS is vulnerable to a critical access control flaw that could allow attackers to gain unauthorized access to resources or cause the firewall to crash.
The flaw has received the identifier CVE-2024-40766 and a severity rating of 9.3 according to the CVSS v3 standard, based on its network-based attack vector, low complexity, no authentication, and no user interaction requirements.
“An improper access control vulnerability has been identified in the SonicWall SonicOS management access, potentially leading to unauthorized resource access and in specific conditions, causing the firewall to crash,” reads SonicWall’s bulletin.
“This issue affects SonicWall Firewall Gen 5 and Gen 6 devices, as well as Gen 7 devices running SonicOS 7.0.1-5035 and older versions.”
Specific models impacted are:
- Gen 5: SOHO devices running version 5.9.2.14-12o and older
- Gen 6: Various TZ, NSA, and SM models running versions 6.5.4.14-109n and older
- Gen 7: TZ and NSA models running SonicOS build version 7.0.1-5035 and older

Source: SonicWall
System administrators are advised to move to the versions below, which address CVE-2024-40766:
- For Gen 5: Version 5.9.2.14-13o
- For Gen 6: Version 6.5.4.15.116n
- For SM9800, NSsp 12400, and NSsp 12800, version 6.5.2.8-2n is safe
- For Gen 7: Any SonicOS firmware version higher than 7.0.1-5035
The security updates have been made available for download via mysonicwall.com.
Those who cannot apply the fixes immediately are recommended to restrict firewall management access to trusted sources or disable WAN management access from the internet. More information on how to do this can be found on SonicWall’s help page.
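To triage a firewall inventory against the affected and fixed versions listed above, the following added example (not SonicWall's code) orders SonicOS version strings numerically and classifies each device. It assumes the firmware major version equals the hardware generation and that the three separately listed models are affected below 6.5.2.8-2n; hostnames, models and the non-advisory versions in the sample inventory are constructed.

```python
import re

# Thresholds copied from the advisory text above.
LAST_AFFECTED = {5: "5.9.2.14-12o", 6: "6.5.4.14-109n", 7: "7.0.1-5035"}
FIRST_FIXED = {5: "5.9.2.14-13o", 6: "6.5.4.15.116n"}  # Gen 7: anything above 7.0.1-5035
SPECIAL_MODELS = {"SM9800", "NSSP 12400", "NSSP 12800"}  # listed with their own fixed build
SPECIAL_FIXED = "6.5.2.8-2n"


def parse(version):
    """Turn '6.5.4.14-109n' into (6, 5, 4, 14, 109) for ordering."""
    parts = tuple(int(n) for n in re.findall(r"\d+", version))
    if len(parts) < 4:
        raise ValueError(f"unrecognised SonicOS version: {version!r}")
    return parts


def status(model, version):
    """Return 'affected', 'fixed' or 'unknown' for one device."""
    v = parse(version)
    gen = v[0]  # assumption: firmware major version equals the generation
    if gen not in LAST_AFFECTED:
        return "unknown"
    if model.strip().upper() in SPECIAL_MODELS:
        # assumption: anything below the listed safe build is affected
        return "fixed" if v >= parse(SPECIAL_FIXED) else "affected"
    if v <= parse(LAST_AFFECTED[gen]):
        return "affected"
    if gen == 7 or v >= parse(FIRST_FIXED[gen]):
        return "fixed"
    return "unknown"  # between the last affected and first fixed build


def triage(inventory):
    """Map each (host, model, version) row to its status."""
    return {host: status(model, ver) for host, model, ver in inventory}


# Constructed inventory: hostnames and models are sample values.
INVENTORY = [
    ("fw-branch-01", "SOHO", "5.9.2.14-12o"),
    ("fw-hq-01", "NSA 2650", "6.5.4.15.116n"),
    ("fw-dc-01", "NSsp 12400", "6.5.2.7-1n"),
    ("fw-lab-01", "TZ 370", "7.0.1-5035"),
    ("fw-lab-02", "TZ 370", "7.0.1-5111"),
]
if __name__ == "__main__":
    for host, result in triage(INVENTORY).items():
        print(f"{host}: {result}")
```

Devices reported as `unknown` run a build between the last affected and first fixed version, or a generation the advisory does not cover, and need a manual check against SonicWall's bulletin.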
SonicWall firewalls are widely used in a broad range of mission-critical industries and corporate environments and are commonly targeted by threat actors to gain initial access to corporate networks.
In March 2023, suspected Chinese hackers tracked as UNC4540 attacked SonicWall Secure Mobile Access (SMA) appliances with custom malware that could persist through firmware upgrades.
The US Cybersecurity & Infrastructure Security Agency (CISA) has warned about active exploitation of flaws impacting SonicWall appliances since 2022.