Improper Access Control Vulnerability Affects SonicWall Firewalls
Key Information
- Vendor
- Sonicwall
- Status
- Sonicos
- Vendor
- CVE Published: 23 August 2024
Summary
The vulnerability identified as CVE-2024-40766 affects SonicWall next-gen firewalls, allowing attackers unauthorized access to resources and potentially causing the appliances to crash. The flaw also affects SSL-VPN. Although no exploitation has been confirmed, SonicWall recently updated their advisory to indicate it may be exploited in the wild. Customers are urged to apply the security patches as soon as possible, as threat actors have been known to exploit vulnerabilities in SonicWall products in the past. This vulnerability has a 9.3 CVSS v3 base score, indicating its severity.
CISA Reported
CISA provides regional cyber and physical services to support security and resilience across the United States. CISA monitors the most dangerous vulnerabilities and has identified CVE-2024-40766 as being exploited, but it is not known by CISA to be used in ransomware campaigns. This is subject to change at pace.
CISA's recommendation is: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Affected Version(s)
- SonicOS 5.9.2.14-12o and older versions
- SonicOS 6.5.4.14-109n and older versions
- SonicOS 7.0.1-5035 and older versions
News Articles
Fog and Akira ransomware attacks exploit SonicWall VPN flaw
Fog and Akira ransomware operators are exploiting SonicWall VPN flaw CVE-2024-40766 to breach enterprise networks.
13 hours ago
Fog ransomware targets SonicWall VPNs to breach corporate networks
Fog and Akira ransomware operators have increased their exploitation efforts of CVE-2024-40766, a critical access control flaw that allows unauthorized access to resources on the SSL VPN feature of SonicWall SonicOS firewalls.
2 days ago
CISA says SonicWall bug being exploited as experts warn of ransomware gang use
Federal cybersecurity experts are warning that a vulnerability affecting products from SonicWall is being exploited, and ordered all federal civilian agencies to implement a patch for the bug by the end of the month.
3 weeks ago
Timeline
- 🔥 Vulnerability reached the number 1 worldwide trending spot.
- Vulnerability started trending.
- 👾 Exploit exists.
- First article discovered by Help Net Security.
- Vulnerability published.
- Vulnerability reserved.