Summary
On 23-Aug-2024, SonicWall published
a security advisory addressing a critical vulnerability in SonicOS affecting
multiple SonicWall firewall models. If exploited, the vulnerability could allow
improper access control, enabling threat actors to gain unauthorised access to
resources and potentially crash the affected device.
On 06-Sep-2024, SonicWall updated
the advisory with an urgent warning regarding CVE-2024-40766, informing that
the vulnerability is potentially being exploited in the wild.
On 06-Sep-2024, Arctic Wolf Cybersecurity published
a security bulletin stating that Akira ransomware affiliates carried out
attacks by compromising SSLVPN user accounts on SonicWall devices as an initial
access vector.
We strongly recommend that organisations running affected
SonicWall products upgrade to the latest supported SonicOS firmware versions as
soon as possible.
What is the Vulnerability?
We are providing the CVSS 3.x score and severity rating assigned by NIST at the time of disclosure:
- CVE-2024-40766 – CVSS 9.3 CRITICAL - SonicOS Improper Access Control Vulnerability – An improper access control vulnerability has been identified in the SonicWall SonicOS management access, potentially leading to unauthorised resource access and in specific conditions, causing the firewall to crash. The vulnerability is network-based, requires no authentication or user interaction, and is of low complexity, making it particularly dangerous for organisations using SonicWall firewalls to protect their security perimeter.
Weakness Enumeration: CWE-284: Improper Access Control
What is Vulnerable?
- Gen 5 devices:
  - SOHO running version 5.9.2.14-12o and earlier.
- Gen 6 devices:
  - Various TZ, NSA, and SM models running SonicOS versions 6.5.4.14-109n and earlier.
- Gen 7 devices:
  - TZ and NSA models running SonicOS 7.0.1-5035 and earlier.
The complete list of affected product versions is available here.
Recommendations:
- Review the Security Advisory SNWLID-2024-0015
- Identify the vulnerable product versions within your environment
  - If identified, upgrade to the updated versions
    - Reset all SSLVPN account passwords for locally-managed accounts
      - Administrators must manually enable each account's "User must change password" option to reset their passwords.
      - Change the password if the same passwords are used in Active Directory or another centralised authentication solution
  - For Gen 5 devices:
    - Navigate to Users > Local Users in SonicOS 5.9, as outlined on pages 1340 and 1341 of the SonicOS Administrators Guide.
  - For Gen 6 devices:
    - Navigate to MANAGE | System Setup > Users > Local Users & Groups, as detailed on pages 227 and 228 of the SonicOS 6.5 System Setup Administration Guide.
    - Enable MFA for all local SSLVPN accounts
- If an immediate upgrade is not possible
  - Disable WAN management and SSLVPN access from the internet
    - Restrict firewall management access to trusted sources, or disable firewall WAN management from the Internet.
    - Ensure that SSLVPN access is limited to trusted sources, or disable SSLVPN access from the Internet.
- For additional information, contact SonicWall Technical Support.
- Refer to Arctic Wolf Observes Akira Ransomware Campaign Targeting SonicWall SSLVPN Accounts
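The "identify the vulnerable product versions" step above is easy to get wrong when done by eye across a large estate, because SonicOS version strings mix a dotted release, a build number and a platform letter. The following script is an added example written for this page (it is not SonicWall's code or part of the advisory): it parses SonicOS version strings, compares each against the "and earlier" ceilings quoted above (5.9.2.14-12o, 6.5.4.14-109n, 7.0.1-5035), and buckets a constructed inventory into affected, not affected and unknown. It assumes the trailing letter (the "n" in 109n, the "o" in 12o) is a platform tag rather than an ordering component, and it treats every device sharing a major version as in scope for that generation's ceiling; the hostnames and firmware values in the inventory are constructed for the demonstration, and the vendor's complete affected-version list remains the authority for model-specific branches.

```python
import re
from typing import Dict, List, Optional, Tuple

# Highest affected ("... and earlier") SonicOS version per generation, as quoted
# in the advisory summary above, keyed by the major version number.
AFFECTED_CEILING: Dict[int, str] = {
    5: "5.9.2.14-12o",   # Gen 5: SOHO
    6: "6.5.4.14-109n",  # Gen 6: TZ, NSA and SM models
    7: "7.0.1-5035",     # Gen 7: TZ and NSA models
}

# SonicOS firmware strings look like "<dotted release>-<build><optional letter>".
_VERSION_RE = re.compile(r"^(\d+(?:\.\d+)*)-(\d+)([a-z]?)$")


def parse_version(version: str) -> Tuple[Tuple[int, ...], int, str]:
    """Split a SonicOS version string into (release tuple, build number, suffix).

    The trailing letter is kept for display but, by assumption in this example,
    is treated as a platform tag and not used for ordering.
    """
    match = _VERSION_RE.match(version.strip())
    if not match:
        raise ValueError(f"unrecognised SonicOS version string: {version!r}")
    dotted, build, suffix = match.groups()
    return tuple(int(part) for part in dotted.split(".")), int(build), suffix


def is_affected(version: str) -> Optional[bool]:
    """True if at or below the ceiling for its generation, False if newer,
    None if the major version is not one the advisory covers."""
    release, build, _ = parse_version(version)
    ceiling = AFFECTED_CEILING.get(release[0])
    if ceiling is None:
        return None
    ceiling_release, ceiling_build, _ = parse_version(ceiling)
    # Tuple comparison: dotted release first, then build number.
    return (release, build) <= (ceiling_release, ceiling_build)


# Constructed inventory (hostname,model,firmware) for demonstration only.
CONSTRUCTED_INVENTORY = """\
fw-hq-01,NSa 2700,7.0.1-5030
fw-branch-02,TZ370,7.0.1-5035
fw-branch-03,TZ350,6.5.4.14-109n
fw-lab-04,SOHO,5.9.2.14-13o
fw-dc-05,NSa 4700,7.1.2-7019
fw-test-06,unknown,8.0.0-1000
"""


def triage(inventory_csv: str) -> Dict[str, List[str]]:
    """Bucket hostnames into affected / not_affected / unknown for upgrade planning."""
    buckets: Dict[str, List[str]] = {"affected": [], "not_affected": [], "unknown": []}
    for line in inventory_csv.strip().splitlines():
        host, _model, firmware = (field.strip() for field in line.split(","))
        verdict = is_affected(firmware)
        key = "unknown" if verdict is None else ("affected" if verdict else "not_affected")
        buckets[key].append(host)
    return buckets


if __name__ == "__main__":
    for bucket, hosts in triage(CONSTRUCTED_INVENTORY).items():
        print(f"{bucket}: {', '.join(hosts) or '-'}")
```

Devices landing in the "affected" bucket are the ones the advisory's upgrade and SSLVPN password-reset steps apply to; anything in "unknown" should be checked by hand against the vendor list rather than assumed safe.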
Words of Estimative Probability (WEPs) Certain words are used within intelligence products to convey analytical judgement regarding the probability of a development or event occurring. Our judgements are not factual statements, they reflect the best understanding of a scenario or situation at a point in time based on available information. This diagram shows the relationships between the estimative terms and how they correspond to approximate ranges of likelihood:
[Diagram: estimative terms and their approximate likelihood ranges]