CVERadar

CVE-2024-40766

Critical Severity
Vendor: Sonicwall
SVRS: 84/100
CVSSv3: 9.8/10
EPSS: 0.18328/1

CVE-2024-40766 is a critical improper access control vulnerability in SonicWall SonicOS that can lead to unauthorized resource access and, potentially, firewall crashes. It affects SonicWall Gen 5, Gen 6, and specific Gen 7 devices, and arises from improper access control within SonicWall's management interface. Its SOCRadar Vulnerability Risk Score (SVRS) of 84 indicates a critical threat needing immediate attention. Exploits are available and actively used in the wild, and the vulnerability has been added to the CISA KEV catalog, which indicates active exploitation. Successful exploitation can result in significant security breaches and operational downtime, so organizations using affected SonicWall devices should prioritize patching and mitigation measures immediately.

In The Wild
Exploit Available
CISA KEV
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
2024-08-23

2024-09-16
SOCRadar AI Insight

Description

CVE-2024-40766 is a vulnerability with a CVSS score of 0, indicating a low severity level. However, SOCRadar's unique 'SOCRadar Vulnerability Risk Score' (SVRS) assigns it a score of 38, highlighting the potential for significant impact. This discrepancy stems from SVRS's integration of various 'Vulnerability Intelligence' elements, including Social Media, News, Code Repositories, Dark/Deep Web data, and associations with Threat Actors and malware.

Key Insights

  • Active Exploitation: The vulnerability is actively exploited in the wild, posing an immediate threat to organizations.
  • Low CVSS Score: The CVSS score of 0 may underestimate the severity of the vulnerability, as it does not fully capture the potential impact identified by SVRS.
  • SVRS Criticality: The SVRS score of 38 indicates a critical vulnerability, necessitating immediate action to mitigate potential risks.
  • Threat Actors: Specific Threat Actors or APT Groups actively exploiting this vulnerability have not been identified at this time.

Mitigation Strategies

  • Apply Software Updates: Install the latest software updates and patches to address the vulnerability.
  • Implement Network Segmentation: Segment networks to limit the spread of potential attacks.
  • Enable Intrusion Detection Systems (IDS): Deploy IDS to detect and block malicious activity targeting the vulnerability.
  • Conduct Regular Security Audits: Regularly assess systems for vulnerabilities and implement appropriate mitigation measures.

Additional Information

If users have additional queries regarding this incident, they can use the 'Ask to Analyst' feature, contact SOCRadar directly, or open a support ticket for more information if necessary.

Indicators of Compromise


Exploits

Title | Software Link | Date
SonicWall SonicOS Improper Access Control Vulnerability | https://www.cisa.gov/search?g=CVE-2024-40766 | 2024-09-09

News

Vulnerability in SonicWall (10 September 2024)
2025-04-01
On 22 August 2024, Sonicwall published a fix for the critical vulnerability CVE-2024-40766 affecting Sonicwall generation 5, 6 and 7 firewalls. This vulnerability, of the broken access control type, allows an attacker to cause a remote denial of service, a breach of...
ssi.gouv.fr

Active Exploitation of a Vulnerability in SonicWall SonicOS (CVE-2024-40766)
CERT.at, 2025-04-01
On 21.08.2024, the vendor SonicWall published an advisory on a severe vulnerability in its operating system for network devices, SonicOS. Exploitation of this vulnerability, CVE-2024-40766, could allow attackers to crash affected devices. Together with the publication, the company also released updated versions of SonicOS that fix the problem.
cert.at

Ransomware and Cyber Extortion in Q4 2024
Ivan Khamenka, 2025-03-01
December 2024 marked the highest number of victims recorded in a single month. A key factor is likely the growth of the ransomware ecosystem itself. Key Findings: The last quarter of 2024 proved to be a pivotal period for ransomware activity, marked by emerging threats and unexpected shifts among established groups. In this
digitalshadows.com

CISA Warns of SonicWall SonicOS RCE Vulnerability Actively Exploited in the Wild
Balaji N, 2025-02-18
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has escalated warnings about a critical zero-day vulnerability in SonicWall’s SonicOS, designating CVE-2024-53704 for immediate remediation in its Known Exploited Vulnerabilities (KEV) catalog. This improper authentication flaw, which enables remote attackers to hijack active SSL VPN sessions without credentials, has been confirmed as actively exploited in the […] The post CISA Warns of SonicWall SonicOS RCE Vulnerability Actively Exploited in
cybersecuritynews.com

Dragos Industrial Ransomware Analysis: Q3 2024
Camille Stauffer, 2025-02-01
Information provided here is sourced from Dragos OT Cyber Threat Intelligence adversary hunters and analysts who conduct research on adversary... The post Dragos Industrial Ransomware Analysis: Q3 2024 first appeared on Dragos. Information provided here is sourced from Dragos OT Cyber Threat Intelligence adversary hunters and analysts who conduct research on adversary operations and their tactics, techniques, and procedures (TTPs). Dragos OT cyber
dragos.com

1000’s Of SonicWall Devices Remain Vulnerable To CVE-2024-40766
Varshini, 2025-01-08
A recent investigation revealed that the Akira and Fog ransomware groups are actively exploiting the SonicWall NSA vulnerability (CVE-2024-40766) to compromise organizations. As of December 23, 2024, over 100 companies are suspected to have been victimized by these groups through this vulnerability. Despite the disclosure in September 2024, a significant number of devices, exceeding 48,933, […] The post 1000’s Of SonicWall Devices Remain Vulnerable To CVE-2024
gbhackers.com

CTO at NCSC Summary: week ending January 5th - substack.com
2025-01-03
News Content: Happy New Year edition 🎆 Welcome to the weekly highlights and analysis of the blueteamsec subreddit (and my wider reading). Not everything makes it in, but the best bits do. Operationally this week the CyberHaven Chrome extension breach has some initial analysis published. Steven Lim released a KQL query to help identify if any of the extensions were in use within organisations. In the high-level this week: Department of Treasury letter on their alleged breach by China via BeyondTrust - NextGov publishes - “On December 8, 2024, Treasury was notified by
google.com

Social Media

Additional Evidence of SonicWall CVE-2024-40766 Exploitation by Akira and Fog, and Patch Progress - Security Research Center Blog #vuln #akira #fog https://t.co/FtRYB1tfHH
Additional Evidence of SonicWall CVE-2024-40766 Exploitation by Akira and Fog, and Patch Progress - Security Research Center Blog https://t.co/fxXQ8bC5lZ
Fog & Akira ransomware groups are exploiting the critical CVE-2024-40766 vulnerability in SonicWall VPN systems, targeting enterprises and critical infrastructure. Protect your systems with the latest patch. https://t.co/ti9a9cUFQP
Fog and Akira ransomware attacks exploit SonicWall VPN flaw CVE-2024-40766 - https://t.co/vyeUZDcFs4
Hackers Use Fog Ransomware To Attack SonicWall VPNs And Breach Corporate Networks: Recent cyberattacks involving Akira and Fog threat actors have targeted various industries, exploiting a vulnerability (CVE-2024-40766) in SonicWall SSL VPN devices, where… https://t.co/dRikXpc4SH https://t.co/GvOo1sP4Gl
Fog and Akira ransomware attacks exploit SonicWall VPN flaw CVE-2024-40766 https://t.co/GxD4AaV1nP Fog and Akira ransomware operators are exploiting SonicWall VPN flaw CVE-2024-40766 to breach enterprise networks. Fog and Akira ransomware operators are exploiting the critica…
Fog ransomware targets SonicWall VPNs to breach corporate networks: https://t.co/hqg01Y2Kr7 Fog and Akira ransomware are exploiting a critical SSL VPN access control flaw (CVE-2024-40766) in SonicWall VPNs to breach corporate networks. SonicWall patched the flaw in August 2024,
#Fog and #Akira #ransomware operators are increasingly breaching corporate networks through #SonicWallVPN accounts, with the threat actors believed to be exploiting CVE-2024-40766, a critical SSL VPN access control flaw. #2024 #Infosec #BT https://t.co/XqMJGTJfJ8
#Fog and #Akira #ransomware operators are increasingly breaching corporate networks through #SonicWall VPN accounts, and the threat actors are believed to be exploiting CVE-2024-40766, #2024 #Infosec #BT https://t.co/UiA8EQ44Rv www.brierandthorn,com
🚨 Beware of Fog ransomware targeting SonicWall VPNs! They're exploiting CVE-2024-40766 & moving quickly—data can be encrypted in under 2 hours! Protect your systems—enable MFA ASAP! #CyberSecurity #Ransomware #DataBreach

Affected Software

Configuration 1
Type | Vendor | Product
OS | Sonicwall | sonicos

References

Reference | Link
[email protected] | https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2024-0015

CWE Details

CWE ID | CWE Name | Description
CWE-284 | Improper Access Control | The software does not restrict or incorrectly restricts access to a resource from an unauthorized actor.
