Active Exploitation of Critical Vulnerability in SonicWall SonicOS

SonicWall has released security updates to address a critical vulnerability (CVE-2024-40766) in SonicOS's management access and SSLVPN features. The vulnerability is reportedly being actively exploited.

Successful exploitation of the improper access control vulnerability could allow a remote attacker to gain unauthorised resource access and in specific conditions, to cause the firewall to crash, effectively disabling network protections. 

The vulnerability affects SonicWall Gen 5 and Gen 6 devices, as well as Gen 7 devices running SonicOS 7.0.1-5035 and older versions.

Users and administrators of affected devices are advised to apply the latest security updates immediately.

More information is available here:
https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2024-0015