CVE-2024-40766 - SonicWall SonicOS Improper Access Control Vulnerability
Project:SonicWall
Product:SonicOS
Date Added:2024-09-09Due Date:2024-09-30
Vulnerability Name
SonicWall SonicOS Improper Access Control Vulnerability
Description
SonicWall SonicOS contains an improper access control vulnerability that could lead to unauthorized resource access and, under certain conditions, may cause the firewall to crash.
Known To Be Used in Ransomware Campaigns?
Known
Action
Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Additional Notes
https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2024-0015
https://nvd.nist.gov/vuln/detail/CVE-2024-40766
Related News Articles
5,000+ SonicWall firewalls still open to attack (CVE-2024-53704)January 27, 2025
New Ymir Ransomware Exploits Memory for Stealthy Attacks; Targets Corporate NetworksNovember 12, 2024
Fog ransomware targets SonicWall VPNs to breach corporate networksOctober 27, 2024
Ransomware Gangs Use LockBit's Fame to Intimidate Victims in Latest AttacksOctober 23, 2024
CISA confirms that SonicWall vulnerability is getting exploited (CVE-2024-40766)September 10, 2024