CVE-2024-40766 - SonicWall SonicOS Improper Access Control Vulnerability
Project:SonicWall
Product:SonicOS
Date Added:2024-09-09Due Date:2024-09-30
Vulnerability Name
SonicWall SonicOS Improper Access Control Vulnerability
Description
SonicWall SonicOS contains an improper access control vulnerability that could lead to unauthorized resource access and, under certain conditions, may cause the firewall to crash.
Known To Be Used in Ransomware Campaigns?
Known
Action
Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Additional Notes
https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2024-0015
https://nvd.nist.gov/vuln/detail/CVE-2024-40766
Related News Articles
SonicWall Urges Password Resets After Cloud Backup Breach Affecting Under 5% of CustomersSeptember 18, 2025
WatchGuard warns of critical vulnerability in Firebox firewallsSeptember 18, 2025
SonicWall warns customers to reset credentials after breachSeptember 18, 2025
Akira ransomware exploiting critical SonicWall SSLVPN bug againSeptember 12, 2025
Akira ransomware affiliates continue breaching organizations via SonicWall firewallsSeptember 11, 2025