SonicWall Vulnerability Exploited 

September 11, 2024

THE THREAT

Exploitation of the recently disclosed critical SonicWall vulnerability CVE-2024-40766 (CVSS: 9.3) has now been confirmed. CVE-2024-40766 was disclosed on August 22nd and impacts SOHO (Gen 5), Gen 6, and Gen 7 firewalls. Exploitation of the vulnerability would allow threat actors to gain unauthorized access to resources and, in specific conditions, cause the firewall to crash.

On September 6th, SonicWall updated its advisory, adding that “This vulnerability is potentially being exploited in the wild.” On September 9th, CISA officially added CVE-2024-40766 to the Known Exploited Vulnerabilities catalog. Although CISA has not provided any details about real-world attacks involving the vulnerability, other security vendors have stated that CVE-2024-40766 is being exploited by ransomware groups.

What we’re doing about it

What you should do about it

Additional information

CVE-2024-40766 is an improper access control vulnerability. While eSentire cannot confirm exploitation leading to ransomware deployment, as of September 8th, eSentire has observed targeting of SonicWall devices that led to data exfiltration. Based on the observed incident, it is probable that threat actors exploited CVE-2024-40766. As exploitation has been confirmed, it is critical that organizations apply the relevant security patches or alternative mitigations immediately.

SonicWall vulnerabilities have a history of being targeted by financially motivated threat actor groups. In 2021, the HelloKitty group leveraged a similar vulnerability to launch ransomware attacks against vulnerable SonicWall SMA appliances. CVE-2024-40766 fits within a broader trend of threat actors exploiting internet-facing remote access technologies. The critical flaw, coupled with SonicWall’s broad deployment in corporate environments, presents a significant risk of both espionage and financially motivated cybercrime, such as ransomware attacks.

Impacted SonicWall Products:

References:

[1] https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2024-0015
[2] https://www.cisa.gov/known-exploited-vulnerabilities-catalog#:~:text=SONICWALL%20%7C%20SONICOS-,CVE%2D2024%2D40766,-SonicWall%20SonicOS%20Improper
[3] https://www.sonicwall.com/support/knowledge-base/how-do-i-configure-2fa-for-ssl-vpn-with-totp/190829123329169
[4] https://www.cisa.gov/news-events/alerts/2021/07/15/ransomware-risk-unpatched-eol-sonicwall-sra-and-sma-8x-products
