CVE-2024-40766 - SonicWall SonicOS Improper Access Control Vulnerability

Vulnerability Name

SonicWall SonicOS Improper Access Control Vulnerability

Description

SonicWall SonicOS contains an improper access control vulnerability that could lead to unauthorized resource access and, under certain conditions, may cause the firewall to crash.

Known To Be Used in Ransomware Campaigns?

Known

Action

Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Additional Notes

https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2024-0015

https://nvd.nist.gov/vuln/detail/CVE-2024-40766

Related News Articles

Experts Warn of Widespread SonicWall VPN Compromise Impacting Over 100 AccountsOctober 11, 2025

Akira ransomware: From SonicWall VPN login to encryption in under four hoursSeptember 29, 2025

Akira ransomware breaching MFA-protected SonicWall VPN accountsSeptember 29, 2025

SonicWall releases SMA100 firmware update to wipe rootkit malwareSeptember 23, 2025

SonicWall Urges Password Resets After Cloud Backup Breach Affecting Under 5% of CustomersSeptember 18, 2025