Vulnerability in SonicWall firewalls

3:30pm, 9 September 2024

TLP Rating: Clear

A critical vulnerability (CVE-2024-40766) exists in SonicWall SonicOS management access and SSLVPN. SonicWall states that this vulnerability is potentially being actively exploited in the wild. 

What's happening

Systems affected

This vulnerability impacts the following SonicOS versions:

  • Gen 5 - 5.9.2.14-12o and older versions,
  • Gen 6 - 6.5.4.14-109n and older versions, and
  • Gen 7 - 7.0.1-5035 and older versions.

For more details on impacted platforms, visit the SonicWall advisory. 

What to do

Prevention

SonicWall recommends updating to the following fixed versions:

  • Gen 5 - 5.9.2.14-13o,
  • Gen 6 - 6.5.2.8-2n (for SM9800, NSsp 12400, NSsp 12800), 
  • Gen 6 - 6.5.4.15.116n (for other Gen6 Firewall appliances), and  
  • Gen 7 - latest version (should be after 7.0.1-5035).

For more details on impacted versions, visit the SonicWall advisory. 
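
To triage a firewall inventory against the version lists above, the following Python is an added example, not CERT NZ's or SonicWall's code. It assumes version components compare numerically left to right, and that on SM9800, NSsp 12400 and NSsp 12800 any build older than the listed fixed build is affected; the function names and the sample inventory are constructed.

```python
import re

# Newest affected build per generation and the separate Gen 6 fixed build,
# copied from the advisory text above.
AFFECTED_MAX = {5: "5.9.2.14-12o", 6: "6.5.4.14-109n", 7: "7.0.1-5035"}
GEN6_SEPARATE_MODELS = {"SM9800", "NSSP 12400", "NSSP 12800"}
GEN6_SEPARATE_FIXED = "6.5.2.8-2n"


def parse_version(text):
    """Turn '6.5.4.14-109n' into (6, 5, 4, 14, 109); the trailing letter is dropped."""
    match = re.fullmatch(r"(\d+(?:[.-]\d+)+)[a-z]?", text.strip().lower())
    if not match:
        raise ValueError(f"unrecognised SonicOS version: {text!r}")
    return tuple(int(part) for part in re.split(r"[.-]", match.group(1)))


def triage(version, model=""):
    """Return 'affected', 'not affected' or 'unknown generation'."""
    parsed = parse_version(version)
    generation = parsed[0]
    if generation not in AFFECTED_MAX:
        return "unknown generation"
    if generation == 6 and model.strip().upper() in GEN6_SEPARATE_MODELS:
        # Assumption: on these models, builds older than the fixed one are affected.
        fixed = parse_version(GEN6_SEPARATE_FIXED)
        return "not affected" if parsed >= fixed else "affected"
    # Assumption: components compare numerically, left to right.
    ceiling = parse_version(AFFECTED_MAX[generation])
    return "affected" if parsed <= ceiling else "not affected"


def triage_inventory(rows):
    """Map each hostname to its triage result; unparseable versions need manual review."""
    results = {}
    for host, model, version in rows:
        try:
            results[host] = triage(version, model)
        except ValueError:
            results[host] = "manual review"
    return results


if __name__ == "__main__":
    # Constructed sample inventory: (hostname, model, reported firmware version).
    sample = [("fw-akl-01", "", "7.0.1-5035"), ("fw-wlg-02", "SM9800", "6.5.2.8-2n"),
              ("fw-chc-03", "", "6.5.4.15.116n"), ("fw-dud-04", "", "SonicOS Enhanced")]
    for host, status in triage_inventory(sample).items():
        print(f"{host}: {status}")
```

Pass the model name for Gen 6 devices, because the SM9800 and NSsp fixed build sorts below the affected ceiling of other Gen 6 appliances and would otherwise be flagged.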

Mitigation

To minimise impact, SonicWall recommends disabling internet access for SSLVPN and firewall WAN management or limiting access to trusted sources. For more information on how to do this, visit the SonicWall advisory below. 

More information

SonicWall has released an advisory on the vulnerability.

Security Advisory (sonicwall.com)

If you require more information or further support, submit a report on our website or contact us on 0800 CERTNZ. 
