Fri Sep 06 15:55:00 UTC 2024:
– SonicWall has revealed that a critical security flaw impacting SonicOS may have been actively exploited
– The vulnerability, CVE-2024-40766, has a CVSS score of 9.3 out of 10
– The flaw affects SonicOS management access and SSLVPN, potentially leading to unauthorized access and causing the firewall to crash
– Users are urged to apply patches as soon as possible
– Temporary mitigations include restricting firewall management to trusted sources, limiting SSLVPN access, enabling MFA, and updating passwords
– Chinese threat actors have previously exploited unpatched SonicWall appliances
– There are no details on how the flaw has been exploited, but users are advised to take precautions to prevent unauthorized access.
