SonicWall has released a fix for an access control vulnerability in a number of its products that could enable an attacker to gain access to sensitive resources or possibly crash the device.
The flaw is in the company’s SonicOS software that runs on its security devices, and it affects SonicWall Firewall Gen 5 and Gen 6 devices, as well as some Gen 7 devices that are running version 7.0.1-5035 or older of the software.
“An improper access control vulnerability has been identified in the SonicWall SonicOS management access, potentially leading to unauthorized resource access and in specific conditions, causing the firewall to crash,” the advisory says.
The affected devices include those in the SOHO/TZ series, the NSa series, and the NSsp series, some of which are widely deployed in enterprise environments.
SonicWall released updated software to address the flaw (CVE-2024-40766), and organizations that have deployed affected devices should update as quickly as possible, as edge security devices are frequent targets for attackers.