TT-CSIRT – 432.10.09.24. SonicOS Improper Access Control Vulnerability

The TT-CSIRT wishes to inform you of a recently identified vulnerability in SonicWall SonicOS. This improper access control issue affects SonicWall SonicOS management access and SSLVPN, potentially allowing unauthorized access to resources and, under certain conditions, causing the firewall to crash.

The vulnerability impacts SonicWall Gen 5 and Gen 6 devices, as well as Gen 7 devices running SonicOS versions 7.0.1-5035 and earlier.

Please be aware that there are reports of this vulnerability being actively exploited by ransomware groups.

Please apply the patch for affected products as soon as possible. The latest patch builds are available for download on mysonicwall.com.

For more details, administrators are encouraged to review the advisory from SonicWall:
https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2024-0015

If you have any queries or comments, or require assistance, please feel free to contact the TT-CSIRT via contacts@ttcsirt.gov.tt