Improper Access Control Vulnerability Affects Sonicwall Firewalls
CVE-2024-40766
Key Information:
Badges
What is CVE-2024-40766?
CVE-2024-40766 refers to an improper access control vulnerability found in SonicWall Firewalls, specifically within the SonicOS management access. SonicWall firewalls are network security devices designed to protect organizations from cyber threats and unwanted traffic. This vulnerability has the potential to severely impact organizations by allowing unauthorized access to critical resources and could result in the firewall becoming unresponsive under specific conditions, jeopardizing network security and integrity.
Technical Details
The vulnerability arises from deficiencies in access control mechanisms within the SonicWall SonicOS. Affected devices include SonicWall Firewall Gen 5, Gen 6, and Gen 7 running SonicOS versions 7.0.1-5035 and earlier. The improper access controls can be exploited to gain unauthorized access, enabling threat actors to manipulate firewall settings or access sensitive configurations. This situation can lead to critical security breaches within an organization’s network infrastructure.
Impact of the Vulnerability
-
Unauthorized Resource Access: Exploiting this vulnerability can allow attackers to bypass security protocols, granting them unauthorized access to sensitive data or configurations within the firewall, significantly undermining the organization's security posture.
-
Firewall Crashes: Under certain conditions, this vulnerability may cause the firewall to crash, leading to disrupted network services and potentially leaving the organization exposed to further threats during downtime.
-
Increased Risk of Cyber Attacks: With unauthorized access capabilities, malicious actors could deploy additional attacks, including data breaches or lateral movement within the network, increasing the overall risk of a successful cyber attack against the organization.
CISA has reported CVE-2024-40766
CISA provides regional cyber and physical services to support security and resilience across the United States. CISA monitor the most dangerious vulnerabilities and have identifed CVE-2024-40766 as being exploited and is known by the CISA as enabling ransomware campaigns.
The CISA's recommendation is: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Affected Version(s)
SonicOS Gen5 5.9.2.14-12o and older versions
SonicOS Gen5 6.5.4.14-109n and older versions
SonicOS Gen5 7.0.1-5035 and older versions
News Articles
SonicWall finds no SSLVPN zero-day, links ransomware attacks to 2024 flaw
SonicWall says that recent Akira ransomware attacks exploiting Gen 7 firewalls with SSLVPN enabled are exploiting an older vulnerability rather than a zero-day flaw.
16 hours ago
The Hacker NewsCVE-2024-40766SonicWall Confirms Patched Vulnerability Behind Recent VPN Attacks, Not a Zero-Day
SonicWall confirms recent SSL VPN attacks link to patched CVE-2024-40766 and reused passwords, urging password resets.
21 hours ago
The Cyber ExpressMajor IT Vulnerabilities Reported In Fortinet, SonicWall, Grafana
Cyble's report reveals critical vulnerabilities in Fortinet, SonicWall, and Grafana Labs impacting over 1 million assets.
References
EPSS Score
18% chance of being exploited in the next 30 days.
CVSS V3.1
Timeline
- 🥇
Vulnerability reached the number 1 worldwide trending spot
- 📈
Vulnerability started trending
- 💰
Used in Ransomware
- 🦅
CISA Reported
- 👾
Exploit known to exist
- 📰
First article discovered by CybersecurityNews
Vulnerability published
Vulnerability Reserved