WARNING: CRITICAL IMPROPER ACCESS CONTROL VULNERABILITY IN SONICOS PRODUCTS, PATCH IMMEDIATELY!

Published : 27/08/2024

Reference:
Advisory #2024-212

Version:
1.1

Affected software:
Gen6 Firewalls - SOHOW, TZ 300, TZ 300W, TZ 400, TZ 400W, TZ 500, TZ 500W, TZ 600, NSA 2650, NSA 3600, NSA 3650, NSA 4600, NSA 4650, NSA 5600, NSA 5650, NSA 6600, NSA 6650, SM 9200, SM 9250, SM 9400, SM 9450, SM 9600, SM 9650, TZ 300P, TZ 600P, SOHO 250
Gen7 Firewalls - TZ270, TZ270W, TZ370, TZ370W, TZ470, TZ470W, TZ570, TZ570W, TZ570P, TZ670, NSa 2700, NSa 3700, NSa 4700, NSa 5700, NSa 6700, NSsp 10700, NSsp 11700, NSsp 13700, SonicOS build version 7.0.1-5035 and older versions
SOHO (Gen 5) - 5.9.2.14-12o and older versions

Type:
Improper Access Control Vulnerability

CVE/CVSS:
CVE-2024-40766 / CVSS 9.3 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:L)

Sources

SonicWall: https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2024-0015

Risks

The vulnerability can allow an attacker to gain unauthorized access to resources of the firewall and, in some cases, cause it to crash. It has a high impact on confidentiality and, in some cases, an impact on the availability of the firewall. The vulnerability can be exploited remotely.

Threat actors have been observed in the past targeting SonicWall appliances with malware that persists through firmware upgrades. Given the criticality of these appliances and the fact that these types of devices are often targeted by threat actors, it is highly advised to patch this vulnerability.

The vulnerability has been reported as actively exploited in the wild! Update your systems immediately!


Update 2025-08-07
SonicWall is currently investigating around 40 cases where it appears that devices were compromised through CVE-2024-40766. Many of these incidents relate to migrations from Gen 6 to Gen 7 firewalls, where local user passwords were carried over during the migration and not reset. Resetting passwords was a critical step outlined in their original advisory. See Recommended Actions below to find the updated guidance from SonicWall.

Description

SonicWall has disclosed a critical improper access control vulnerability in SonicOS, the operating system for their firewall products.

The vulnerability affects SonicWall Firewall Gen 5, Gen 6 and Gen 7 devices for which updates are available.

Recommended Actions

Patch

The Centre for Cybersecurity Belgium strongly recommends installing updates for vulnerable devices with the highest priority, after thorough testing and following SonicWall's updated guidance:

  • Update firmware to version 7.3.0, which includes enhanced protections against brute force attacks and additional MFA controls.
  • Reset all local user account passwords for any accounts with SSLVPN access, especially if they were carried over during migration from Gen 6 to Gen 7.
  • Continue applying the previously recommended best practices:
    • Enable Botnet Protection and Geo-IP Filtering.
    • Remove unused or inactive user accounts.
    • Enforce MFA and strong password policies.

More information: https://www.sonicwall.com/support/notices/gen-7-and-newer-sonicwall-firewalls-sslvpn-recent-threat-activity/250804095336430

Monitor/Detect

The CCB recommends that organizations scale up their monitoring and detection capabilities to identify any related suspicious activity, ensuring a swift response in case of an intrusion.

In case of an intrusion, you can report an incident via: https://ccb.belgium.be/cert/report-incident

While patching appliances or software to the newest version may protect against future exploitation, it does not remediate a historic compromise.

References

Bleeping Computer: https://www.bleepingcomputer.com/news/security/sonicwall-warns-of-critical-access-control-flaw-in-sonicos