Improper Access Control Vulnerability Affects Sonicwall Firewalls
CVE-2024-40766
Key Information
- Vendor
- Sonicwall
- Status
- Sonicos
- Vendor
- CVE Published:
- 23 August 2024
Badges
What is CVE-2024-40766?
CVE-2024-40766 refers to an improper access control vulnerability found in SonicWall Firewalls, specifically within the SonicOS management access. SonicWall firewalls are network security devices designed to protect organizations from cyber threats and unwanted traffic. This vulnerability has the potential to severely impact organizations by allowing unauthorized access to critical resources and could result in the firewall becoming unresponsive under specific conditions, jeopardizing network security and integrity.
Technical Details
The vulnerability arises from deficiencies in access control mechanisms within the SonicWall SonicOS. Affected devices include SonicWall Firewall Gen 5, Gen 6, and Gen 7 running SonicOS versions 7.0.1-5035 and earlier. The improper access controls can be exploited to gain unauthorized access, enabling threat actors to manipulate firewall settings or access sensitive configurations. This situation can lead to critical security breaches within an organization’s network infrastructure.
Impact of the Vulnerability
-
Unauthorized Resource Access: Exploiting this vulnerability can allow attackers to bypass security protocols, granting them unauthorized access to sensitive data or configurations within the firewall, significantly undermining the organization's security posture.
-
Firewall Crashes: Under certain conditions, this vulnerability may cause the firewall to crash, leading to disrupted network services and potentially leaving the organization exposed to further threats during downtime.
-
Increased Risk of Cyber Attacks: With unauthorized access capabilities, malicious actors could deploy additional attacks, including data breaches or lateral movement within the network, increasing the overall risk of a successful cyber attack against the organization.
CISA Reported
CISA provides regional cyber and physical services to support security and resilience across the United States. CISA monitor the most dangerious vulnerabilities and have identifed CVE-2024-40766 as being exploited and is known by the CISA as enabling ransomware campaigns.
The CISA's recommendation is: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Affected Version(s)
SonicOS = 5.9.2.14-12o and older versions
SonicOS = 6.5.4.14-109n and older versions
SonicOS = 7.0.1-5035 and older versions
News Articles
Major IT Vulnerabilities Reported In Fortinet, SonicWall, Grafana
Cyble's report reveals critical vulnerabilities in Fortinet, SonicWall, and Grafana Labs impacting over 1 million assets.
2 months ago
Fog and Akira ransomware attacks exploit SonicWall VPN flaw
Fog and Akira ransomware operators are exploiting SonicWall VPN flaw CVE-2024-40766 to breach enterprise networks.
2 months ago
Fog ransomware targets SonicWall VPNs to breach corporate networks
Fog and Akira ransomware operators have increased their exploitation efforts of CVE-2024-40766, a critical access control flaw that allows unauthorized access to resources on the SSL VPN feature of SonicWall SonicOS firewalls.
2 months ago
Refferences
CVSS V3.1
Timeline
- 🔥
Vulnerability reached the number 1 worldwide trending spot
Vulnerability started trending
- 😈
Used in Ransomware
CISA Reported
- 👾
Exploit known to exist
First article discovered by Help Net Security
Vulnerability published
Vulnerability Reserved