Improper Access Control Vulnerability Affects Sonicwall Firewalls

CVE-2024-40766
9.8 CRITICAL

Key Information

Vendor
Sonicwall
Status
Sonicos
Vendor
CVE Published: 23 August 2024

Badges

🔥 No. 1 Trending | 😄 Trended | 👾 Exploit Exists | 📰 News Worthy

Summary

The vulnerability identified as CVE-2024-40766 affects SonicWall next-gen firewalls, allowing attackers unauthorized access to resources and potentially causing the appliances to crash. The flaw also affects SSL-VPN. Although no exploitation has been confirmed, SonicWall recently updated their advisory to indicate it may be exploited in the wild. Customers are urged to apply the security patches as soon as possible, as threat actors have been known to exploit vulnerabilities in SonicWall products in the past. This vulnerability has a 9.3 CVSS v3 base score, indicating its severity.

CISA Reported

CISA provides regional cyber and physical services to support security and resilience across the United States. CISA monitors the most dangerous vulnerabilities and has identified CVE-2024-40766 as being exploited, but it is not known by CISA to be used in ransomware campaigns. This is subject to change at pace.

The CISA's recommendation is: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Affected Version(s)

SonicOS = 5.9.2.14-12o and older versions

SonicOS = 6.5.4.14-109n and older versions

SonicOS = 7.0.1-5035 and older versions

CVSS V3.1

Score: 9.8
Severity: CRITICAL
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • 🔥 Vulnerability reached the number 1 worldwide trending spot.

  • Vulnerability started trending.

  • 👾 Exploit exists.

  • First article discovered by Help Net Security

  • Vulnerability published.

  • Vulnerability Reserved.

Collectors

NVD Database, Mitre Database, CISA Database, 11 News Article(s)