• SonicWall patches critical firewall security flaw

    From TechnologyDaily@1337:1/100 to All on Tue Aug 27 15:45:05 2024
    SonicWall patches critical firewall security flaw

    Date:
    Tue, 27 Aug 2024 15:40:00 +0000

    Description:
    The bug allowed for unauthorized resource access, SonicWall said.

    FULL STORY ======================================================================

    SonicWall has patched a critical vulnerability in its firewall service which could have allowed crooks to access the underlying device.

    The company released a patch and a follow-up advisory, in which it described discovering and fixing an improper access control bug. The flaw is tracked as CVE-2024-40766 and carries a severity score of 9.3, which makes it critical.

    "An improper access control vulnerability has been identified in the SonicWall SonicOS management access, potentially leading to unauthorized resource access and in specific conditions, causing the firewall to crash," the advisory reads.

    Patches and workarounds

    The company further explained that SonicWall Firewall Gen 5 and Gen 6 devices are affected by this bug. Gen 7 devices are also vulnerable, but only those running SonicOS 7.0.1-5035 and older.

    To secure the endpoints from potential break-ins, users should update their firewalls to these versions:

    SOHO (Gen 5 Firewalls) - 5.9.2.14-13o
    Gen 6 Firewalls - 6.5.2.8-2n (for SM9800, NSsp 12400, and NSsp 12800) and 6.5.4.15.116n (for other Gen 6 Firewall appliances)

    The company said that devices running a SonicOS firmware version higher than 7.9.1-5035 should be safe, since the bug cannot be reproduced on them. However, installing the latest firmware is recommended.

    Those who are unable to install the patch should apply the workaround, which consists of restricting firewall management access to only the people they trust. Alternatively, they can disable firewall WAN management access from all internet sources.

    So far, there have been no reports of in-the-wild abuse. However, if history is any teacher, now that the patch is released and knowledge of the bug is available, it's only a matter of time before crooks start scanning the internet for vulnerable endpoints. Previously, SonicWall's solutions were targeted by Chinese state-sponsored hackers, who devised a piece of malware that was even capable of surviving firmware updates.

    Via The Hacker News



    ======================================================================
    Link to news story: https://www.techradar.com/pro/security/sonicwall-patches-critical-security-flaw-in-its-firewall


    --- Mystic BBS v1.12 A47 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)