Improper Access Control Vulnerability Affects Sonicwall Firewalls
CVE-2024-40766
Key Information:
Badges
What is CVE-2024-40766?
CVE-2024-40766 refers to an improper access control vulnerability found in SonicWall Firewalls, specifically within the SonicOS management access. SonicWall firewalls are network security devices designed to protect organizations from cyber threats and unwanted traffic. This vulnerability has the potential to severely impact organizations by allowing unauthorized access to critical resources and could result in the firewall becoming unresponsive under specific conditions, jeopardizing network security and integrity.
Technical Details
The vulnerability arises from deficiencies in access control mechanisms within the SonicWall SonicOS. Affected devices include SonicWall Firewall Gen 5, Gen 6, and Gen 7 running SonicOS versions 7.0.1-5035 and earlier. The improper access controls can be exploited to gain unauthorized access, enabling threat actors to manipulate firewall settings or access sensitive configurations. This situation can lead to critical security breaches within an organization’s network infrastructure.
Impact of the Vulnerability
-
Unauthorized Resource Access: Exploiting this vulnerability can allow attackers to bypass security protocols, granting them unauthorized access to sensitive data or configurations within the firewall, significantly undermining the organization's security posture.
-
Firewall Crashes: Under certain conditions, this vulnerability may cause the firewall to crash, leading to disrupted network services and potentially leaving the organization exposed to further threats during downtime.
-
Increased Risk of Cyber Attacks: With unauthorized access capabilities, malicious actors could deploy additional attacks, including data breaches or lateral movement within the network, increasing the overall risk of a successful cyber attack against the organization.
CISA has reported CVE-2024-40766
CISA provides regional cyber and physical services to support security and resilience across the United States. CISA monitor the most dangerious vulnerabilities and have identifed CVE-2024-40766 as being exploited and is known by the CISA as enabling ransomware campaigns.
The CISA's recommendation is: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Affected Version(s)
SonicOS Gen5 5.9.2.14-12o and older versions
SonicOS Gen5 6.5.4.14-109n and older versions
SonicOS Gen5 7.0.1-5035 and older versions
News Articles
Akira Hits SonicWall VPNs in Broad Ransomware Campaign
Akira ransomware actors are currently targeting SonicWall firewall customers vulnerable to a bug discovered last year.
3 weeks ago
Akira ransomware breaching MFA-protected SonicWall VPN accounts
Ongoing Akira ransomware attacks targeting SonicWall SSL VPN devices continue to evolve, with the threat actors found to be successfully authenticating despite OTP MFA being enabled on accounts. Researchers suspect this may through the use of previously stolen OTP seeds, though the exact method rema...
3 weeks ago
Akira ransomware exploiting critical SonicWall SSLVPN bug again
The Akira ransomware gang is actively exploiting CVE-2024-40766, a year-old critical-severity access control vulnerability, to gain unauthorized access to SonicWall devices.
References
EPSS Score
9% chance of being exploited in the next 30 days.
CVSS V3.1
Timeline
- 🥇
Vulnerability reached the number 1 worldwide trending spot
- 📈
Vulnerability started trending
- 💰
Used in Ransomware
- 🦅
CISA Reported
- 👾
Exploit known to exist
- 📰
First article discovered by CybersecurityNews
Vulnerability published
Vulnerability Reserved