CVE ID
CVE-2024-40766
Vulnerability Name
SonicWall SonicOS Improper Access Control Vulnerability
- Project: SonicWall
- Product: SonicOS
Date
- Date Added: 2024-09-09
- Due Date: 2024-09-30
Description
SonicWall SonicOS contains an improper access control vulnerability that could lead to unauthorized resource access and, under certain conditions, may cause the firewall to crash.
Known To Be Used in Ransomware Campaigns?
Known
Action
Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Additional Notes
https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2024-0015; https://nvd.nist.gov/vuln/detail/CVE-2024-40766
Related Security News
- SonicWall finds no SSLVPN zero-day, links ransomware attacks to 2024 flaw
- SonicWall Confirms Patched Vulnerability Behind Recent VPN Attacks, Not a Zero-Day
- SonicWall: Attackers did not exploit zero-day vulnerability to compromise Gen 7 firewalls
- 5,000+ SonicWall firewalls still open to attack (CVE-2024-53704)
- New Ymir Ransomware Exploits Memory for Stealthy Attacks; Targets Corporate Networks
- Fog ransomware targets SonicWall VPNs to breach corporate networks
- Ransomware Gangs Use LockBit's Fame to Intimidate Victims in Latest Attacks
- CISA confirms that SonicWall vulnerability is getting exploited (CVE-2024-40766)
- Critical SonicWall SSLVPN bug exploited in ransomware attacks
- SonicWall Urges Users to Patch Critical Firewall Flaw Amid Possible Exploitation
Top comments (0)