SonicWall SonicOS 접근 제어 취약점 (CVE-2024-40766)

1. SonicOS

- SonicWall이 개발한 네트워크 보안 운영 체제
- 주로 방화벽 및 보안 장비에 사용

2. CVE-2024-40766

[사진 1] CVE-2024-40766 [1]

- SonicWall SonicOS 관리 액세스의 부적절한 액세스 제어 취약성 (CVSS: 9.3)
> 네트워크 자원에 무단 접근을 허용하거나 방화벽을 충돌시켜 네트워크 보호 기능을 무력화할 수 있음
> 취약점이 처음 공개된 당시 SonicOS 관리 액세스 기능에만 영향을 미치는 것으로 알려졌으나, SSLVPN 기능에도 영향을 미치는 것으로 확인됨
> 취약점과 관련된 구체적인 정보를 공개하지 않았으나, 현재 악용되는 중으로, Akira 랜섬웨어 조직이 취약점을 악용하는 중 [2]

 

- 벤더사 제공 최신 업데이트 적용 [3][4]

> 추가적으로 방화벽 관리 액세스 제한, SSLVPN 비밀번호 재설정, MFA 적용, SSLVPN 액세스 제어 또는 비활성화 등 조치 권고

제품명	영향받는 버던	해결 버전
SOHO (Gen5)	5.9.2.14-12o 이하	5.9.2.14-13o
Gen6 방화벽 - SOHOW, TZ 300, TZ 300W, TZ 400, TZ 400W, TZ 500, TZ 500W, TZ 600, NSA 2650, NSA 3600, NSA 3650, NSA 4600, NSA 4650, NSA 5600, NSA 5650, NSA 6600, NSA 6650, SM 9200, SM 9250, SM 9400, SM 9450, SM 9600, SM 9650, TZ 300P, TZ 600P, SOHO 250, SOHO 250W, TZ 350, TZ 350W	6.5.4.14-109n 이하	6.5.2.8-2n (SM9800, NSsp 12400, NSsp 12800용) 6.5.4.15.116n(다른 Gen6 방화벽 어플라이언스용)
Gen7 방화벽 - TZ270, TZ270W, TZ370, TZ370W, TZ470, TZ470W, TZ570, TZ570W, TZ570P, TZ670, NSa 2700, NSa 3700, NSa 4700, NSa 5700, NSa 6700, NSsp 10700, NSsp 11700, NSsp 13700	SonicOS 빌드 버전 7.0.1-5035	SonicOS 빌드 버전 7.0.1-5035 이후

3. 참고

[1] https://nvd.nist.gov/vuln/detail/CVE-2024-40766
[2] https://arcticwolf.com/resources/blog/arctic-wolf-observes-akira-ransomware-campaign-targeting-sonicwall-sslvpn-accounts/
[3] https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2024-0015
[4] https://www.boho.or.kr/kr/bbs/view.do?searchCnd=1&bbsId=B0000133&searchWrd=&menuNo=205020&pageIndex=1&categoryCode=&nttId=71546
[5] https://thehackernews.com/2024/09/sonicwall-urges-users-to-patch-critical.html
[6] https://www.securityweek.com/sonicwall-patches-critical-sonicos-vulnerability/
[7] https://www.securityweek.com/recent-sonicwall-firewall-vulnerability-potentially-exploited-in-the-wild/
[8] https://www.dailysecu.com/news/articleView.html?idxno=159256