Improper Access Control Vulnerability Affects Sonicwall Firewalls

CVE-2024-40766

9.8CRITICAL

Key Information

Vendor
Sonicwall
Status
Sonicos
Vendor
CVE Published:
23 August 2024

Badges

🔥 No. 1 Trending😄 Trended👾 Exploit Exists📰 News Worthy

What is CVE-2024-40766?

CVE-2024-40766 refers to an improper access control vulnerability found in SonicWall Firewalls, specifically within the SonicOS management access. SonicWall firewalls are network security devices designed to protect organizations from cyber threats and unwanted traffic. This vulnerability has the potential to severely impact organizations by allowing unauthorized access to critical resources and could result in the firewall becoming unresponsive under specific conditions, jeopardizing network security and integrity.

Technical Details

The vulnerability arises from deficiencies in access control mechanisms within the SonicWall SonicOS. Affected devices include SonicWall Firewall Gen 5, Gen 6, and Gen 7 running SonicOS versions 7.0.1-5035 and earlier. The improper access controls can be exploited to gain unauthorized access, enabling threat actors to manipulate firewall settings or access sensitive configurations. This situation can lead to critical security breaches within an organization’s network infrastructure.

Impact of the Vulnerability

  1. Unauthorized Resource Access: Exploiting this vulnerability can allow attackers to bypass security protocols, granting them unauthorized access to sensitive data or configurations within the firewall, significantly undermining the organization's security posture.

  2. Firewall Crashes: Under certain conditions, this vulnerability may cause the firewall to crash, leading to disrupted network services and potentially leaving the organization exposed to further threats during downtime.

  3. Increased Risk of Cyber Attacks: With unauthorized access capabilities, malicious actors could deploy additional attacks, including data breaches or lateral movement within the network, increasing the overall risk of a successful cyber attack against the organization.

CISA Reported

CISA provides regional cyber and physical services to support security and resilience across the United States. CISA monitor the most dangerious vulnerabilities and have identifed CVE-2024-40766 as being exploited and is known by the CISA as enabling ransomware campaigns.

The CISA's recommendation is: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Affected Version(s)

SonicOS = 5.9.2.14-12o and older versions

SonicOS = 6.5.4.14-109n and older versions

SonicOS = 7.0.1-5035 and older versions

News Articles

Major IT Vulnerabilities Reported In Fortinet, SonicWall, Grafana

Cyble's report reveals critical vulnerabilities in Fortinet, SonicWall, and Grafana Labs impacting over 1 million assets.

2 months ago

Fog and Akira ransomware attacks exploit SonicWall VPN flaw

Fog and Akira ransomware operators are exploiting SonicWall VPN flaw CVE-2024-40766 to breach enterprise networks.

2 months ago

Fog ransomware targets SonicWall VPNs to breach corporate networks

Fog and Akira ransomware operators have increased their exploitation efforts of CVE-2024-40766, a critical access control flaw that allows unauthorized access to resources on the SSL VPN feature of SonicWall SonicOS firewalls.

2 months ago

Refferences

CVSS V3.1

Score:
9.8
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • 🔥

    Vulnerability reached the number 1 worldwide trending spot

  • Vulnerability started trending

  • 😈

    Used in Ransomware

  • CISA Reported

  • 👾

    Exploit known to exist

  • First article discovered by Help Net Security

  • Vulnerability published

  • Vulnerability Reserved

Collectors

NVD DatabaseMitre DatabaseCISA Database12 News Article(s)
.