CVE Radar


CVE-2024-40766

Severity: Critical | Vendor: SonicWall
SVRS: 84
CVSSv3: 9.8
EPSS: 0.15694
Tags: In The Wild, Exploit Available, CISA KEV
Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Publication date: 2024-08-23
Last modified: 2025-10-21


Security Intelligence Brief

1. What is this vulnerability and why does it matter?
This vulnerability, identified as CVE-2024-40766, is an improper access control flaw in SonicWall SonicOS management access. It is critical because it can lead to unauthorized access to firewall resources and, in certain conditions, can cause the firewall to crash, resulting in a denial of service. Because firewalls are critical components of network security, such a vulnerability can severely compromise network integrity, confidentiality, and availability.
2. What are the CVSS score, severity level, and disclosure details?
The CVSS score for this vulnerability is 9.8, which designates it as a Critical severity level. The vulnerability was publicly disclosed and published on 2024-08-23 06:19:07, and the record was last modified on 2025-10-21 22:55:46.
3. Which products, vendors, systems, and versions are affected?
The affected vendor is SonicWall. The vulnerability impacts the following products and versions:
  • SonicWall Firewall Gen 5 devices
  • SonicWall Firewall Gen 6 devices
  • SonicWall Firewall Gen 7 devices running SonicOS 7.0.1-5035 and older versions
4. What is the technical root cause and attack vector?
The technical root cause is an improper access control vulnerability (CWE-284) within the SonicWall SonicOS management access mechanism. This flaw allows attackers to bypass intended security restrictions. The primary attack vector is through the management interface of the affected SonicWall firewall devices.
5. How can this vulnerability be exploited?
This vulnerability can be exploited by leveraging the improper access control flaw in the SonicOS management interface. An attacker can gain unauthorized access to firewall resources. Furthermore, under specific conditions, exploitation can lead to a denial of service by causing the affected firewall to crash. The fact that active exploits have been published indicates that the methods for exploitation are known and potentially publicly available.
6. What mitigation steps and patches are available?
To mitigate this vulnerability, administrators should upgrade their SonicWall Firewall Gen 7 devices to a SonicOS version newer than 7.0.1-5035. For Gen 5 and Gen 6 devices, the latest security patches and firmware updates released by SonicWall should be applied. Additionally, restricting access to the SonicOS management interface to only trusted networks and IP addresses can limit the exposure to potential attackers.
7. How can vulnerable systems be detected?
Vulnerable systems can be detected by checking the SonicOS version running on SonicWall Firewall Gen 5, Gen 6, and Gen 7 devices. Specifically, for Gen 7 devices, any installation running SonicOS 7.0.1-5035 or older is considered vulnerable. Administrators should verify their current firmware version against the vendor's advisories for the latest patched versions.
8. What are the indicators of compromise (IOCs)?
Indicators of Compromise (IOCs) for this vulnerability may include:
  • Unauthorized login attempts or successful unauthorized access to the SonicOS management interface.
  • Unexplained reboots or crashes of the SonicWall firewall devices.
  • Unusual configuration changes or unauthorized modifications observed on the firewall.
  • Unexpected network traffic originating from the firewall itself.
  • Entries in firewall logs indicating access from unfamiliar or unauthorized IP addresses to the management interface.
9. Which threat actors are known to exploit this vulnerability?
While the CVE data does not name specific threat actor groups, it explicitly states that "Active exploits have been published to exploit the vulnerability." This indicates that the vulnerability is publicly known and is likely being targeted or actively exploited by various malicious actors, including cybercriminals, state-sponsored groups, or opportunistic attackers.
10. What public intelligence references and advisories exist?
The primary public intelligence reference is CVE-2024-40766 itself. Given that SonicWall is the affected vendor, official security advisories and patches are expected to be published by SonicWall. The existence of published active exploits suggests that details about the exploitation methods may be available in public security research, threat intelligence platforms, or exploit databases.
11. What is the risk assessment and urgency level?
The risk assessment for CVE-2024-40766 is rated as Critical, highlighted by a CVSS score of 9.8. This vulnerability affects critical network infrastructure (firewalls) and can lead to severe consequences such as unauthorized resource access and denial of service. The urgency level is Immediate. Organizations using affected SonicWall devices must prioritize patching and implementing mitigation strategies without delay to protect their networks from active exploitation.
Title | Software Link | Date
SonicWall SonicOS Improper Access Control Vulnerability | https://www.cisa.gov/search?g=CVE-2024-40766 | 2024-09-09
SonicWall CVE-2024-40766 Proves Patching Is Not Remediation
Rebecca Sutton, 2026-06-23
A SANS audit of 14 patched SonicWall firewalls shows Akira ransomware still getting in via stale accounts and LDAP misconfigurations the firmware update never touched.
Tags: cve-2024-40766, config, security, akira
CVE-2024-40766: The Patch Fixed the Bug. Nobody Fixed the Configuration., (Tue, Jun 23rd)
2026-06-23
The vulnerability: In August 2024 SonicWall published advisory SNWLID-2024-0015 for CVE-2024-40766. It is an improper
Tags: cve-2024-12802, cve-2024-40766, config, github
Rapid7 Analysis: CVE-2024-53704 - Rapid7
2026-06-16
Overview: On January 7, 2025, SonicWall announced an authentication bypass affecting SonicOS, the operating system used by many SonicWall appliances. This authentication bypass, which is assigned CVE-2024-53704 and affects many SonicWall devices, permits an unauthenticated attacker to bypass the SSLVPN authentication process. Since SSLVPN is often exposed to the public internet, an SSLVPN authentication bypass could facilitate initial access. The vendor stated when the advisory was published that there was no evidence of exploitation in the wild. Successful exploitation of this vulnerability allows a remote unauthenticated attacker to hijack existing
Tags: google.com, rss, forum, news
Your Attack Surface Is Bigger Than You Think: Insights from the Arctic Wolf 2026 State of the Cybersecurity Attack Surface Report - Arctic Wolf
2026-06-16
Most security teams aren’t naive to the growing risk in their environment, but because of high event volume and asset visibility gaps, emerging risk dynamics have become increasingly challenging to act on. Arctic Wolf’s latest State of the Cybersecurity Attack Surface report puts real data behind the challenge. Drawing on aggregated, anonymized data from Aurora® Exposure Management across more than 800,000 IT assets, the findings reveal an enterprise attack surface where foundational controls and
Tags: google.com, rss, forum, news
How MSPs should handle the end of the SSL VPN era - Channel Dive
2026-06-03
Editor’s note: The following is a guest post from Kent Lawson, founder and CEO of Private Communications Corporation. There is a pattern that should concern every MSP serving small and midsize businesses. A critical SSL VPN vulnerability is disclosed. A patch is issued. Organizations scramble to apply it only to learn of another critical vulnerability in the same product line just a few months later. As the cycle repeats, unpatched SSL VPN
Tags: volt typhoon, google.com, rss, forum
Security incidents in SonicWall firewalls (5 August 2025)
2025-08-05
[Updated 7 August 2025] On 6 August 2025, SonicWall replaced part of its initial statement to indicate that the security incidents mentioned were likely correlated with the vulnerability CVE-2024-40766. That vulnerability was the subject of a security bulletin, SNWLID-2024-0015 (cf....
Tags: ssi.gouv.fr, rss, forum, news
Vulnerability in SonicWall (10 September 2024)
2024-09-10
On 22 August 2024, SonicWall published a fix for the critical vulnerability CVE-2024-40766 affecting SonicWall generation 5, 6 and 7 firewalls. This vulnerability, an improper access control flaw, allows an attacker to cause a remote denial of service, a breach of...
Tags: ssi.gouv.fr, rss, forum, news
Aviatrix Threat Research Center (@aviatrixtrc), 2 days ago
TRC analysis shows ransomware groups exploiting CVE-2024-40766 in SonicWall SSL VPNs to achieve data encryption within 55 minutes of initial compromise. Attackers leverage VPN access for persistent C2 and lateral movement through compromised credentials. Runtime segmentation can
Shah Sheikh (@shah_sheikh), 2 days ago
SonicWall CVE-2024-40766 Proves Patching Is Not Remediation: A SANS audit of 14 patched SonicWall firewalls shows Akira ransomware still getting in via stale accounts and LDAP misconfigurations the firmware update never touched. SonicWall… https://t.co/bLkl6I9bSP https://t.co/Ma8VzuiZ71
ThreatCluster (@threatcluster), 3 days ago
Ransomware groups Akira and Fog have exploited CVE-2024-40766 in SonicWall SonicOS firewalls since September 2024, with nearly 49,000 vulnerable devices exposed publicly as of December 2024, https://t.co/30aYZsWkl1 reported. #Ransomware #Vulnerability https://t.co/UtbedyaMpp
ThreatCluster (@threatcluster), 3 days ago
Akira ransomware operators exploited CVE-2024-40766 via SSL VPNs on SonicWall Gen 7 firewalls, breaching networks and pivoting to domain controllers, Bitdefender and Huntress reported. #Vulnerability #InfoSec https://t.co/ZyPVJmnHp9
CyberNewsDaily (@NewsDaily18579), 3 days ago
🔴 Critical CVE-2024-40766 (CVSS: N/A) [CISA KEV: ACTIVELY EXPLOITED] [EPSS: 15.7%]: A vulnerability was patched but still exploited because misconfigured systems weren't fixed. via SANS ISC https://t.co/jOkFMknPJo
DFIR Radar (@DFIR_Radar), 3 days ago
CVE-2024-40766 (CVSS 9.3) in SonicWall SSLVPN has been exploited by Akira and Fog ransomware since Sept 2024. Patching firmware is not remediation: stale accounts, broken LDAP config, and an exposed MFA enrollment portal are keeping patched firewalls wide open. Key findings: - https://t.co/tFjksfgXEy
Lydia Zhang (@linglingsan), 2025-12-05
@RidgeSecurityAI I commented on this article "Lydia Zhang, president of Ridge Security, said this recent attack was more closely related to CVE-2024-53704 rather than CVE-2024-40766. Zhang said the "53704" SonicWall SSL VPN vulnerability leaks the swap cookie and session ID,
TheCortexProtocol (@the_c_protocol), 2025-12-04
🚨 Marquis Ransomware Breach Hits 74 US Banks, Credit Unions Marquis Software Solutions—a vendor serving 74 US banks and credit unions—got hit by ransomware, exposing financial institution data on 400,000+ customers. What's notable: Akira ransomware exploited CVE-2024-40766, a
Defused (@DefusedCyber), 2025-12-01
Ransomware vulns with highest exploit likelihood ⬆️ (past 30d): - CVE-2024-40766 (SonicOS SSL-VPN..) +64.88% - CVE-2022-27510 (NetScaler ADC..) +21.33% - CVE-2022-27510 (Gateway..) +21.33% - CVE-2021-27877 (Veritas Veritas..) +15.37% - CVE-2021-27876 (Veritas Veritas..) +14.32%
CaveiraTech (@caveiratech), 2025-11-14
Akira ransomware alert: Operation expands attacks to Nutanix AHV VMs, encrypting disks via CVE-2024-40766 and exploiting vulnerabilities in SonicWall firewalls, requiring offline backups and rapid multi-factor authentication for effective protection. https://t.co/RJOgQlpsUU
Configuration 1
Type | Vendor | Product
OS | Sonicwall | sonicos

Reference | Link
[email protected] | https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2024-0015

CWE ID | CWE Name | Description
CWE-284 | Improper Access Control | The software does not restrict or incorrectly restricts access to a resource from an unauthorized actor.
