ACSC Warns of Actively Exploited SonicWall Access Control Vulnerability

The Australian Cyber Security Centre (ACSC) has issued a critical alert regarding a severe access control vulnerability in SonicWall products that is being actively exploited by threat actors.

Tracked as CVE-2024-40766 with a critical CVSS score of 9.3, this flaw affects multiple generations of SonicWall firewalls and exposes organizations to unauthorized access, lateral movement, and potential ransomware deployment.

Assigned advisory ID SNWLID-2024-0015, the vulnerability resides within the SonicOS management interface and SSLVPN components of SonicWall firewalls.

An improper access control issue allows an unauthenticated remote attacker to bypass authentication checks and gain unauthorized access to sensitive resources.

Under specific conditions, exploitation can also trigger a denial-of-service condition by causing the device to crash.

Affected models include Gen 5 and Gen 6 firewalls, as well as Gen 7 devices running SonicOS version 7.0.1-5035 and earlier.

Given the widespread deployment of these devices across government, education, healthcare, and enterprise networks, the risk of unauthorized intrusion and operational disruption is significant.

Active Exploitation by Ransomware Actors

The ACSC warning highlights a recent surge in active exploitation of CVE-2024-40766 targeting Australian entities.

Adversaries associated with the Akira ransomware group have been observed leveraging this flaw as an initial access vector.

By exploiting the vulnerability, attackers establish a foothold within the network perimeter, allowing them to move laterally, escalate privileges, and deploy ransomware to encrypt critical data.

Akira operators have a history of targeting vulnerable network edge devices to bypass perimeter defenses and gain persistent access.

The ACSC notes that several Australian organizations have already experienced intrusion attempts exploiting the SonicWall flaw, underscoring the immediacy of the threat.

Both SonicWall and the ACSC urge organizations with affected devices to take immediate action to mitigate risk.

The primary recommendation is to apply the security patches released by SonicWall, which fully address the access control flaw.

Following patch deployment, organizations must reset all passwords associated with the devices to ensure that any previously compromised credentials cannot be reused by threat actors.

Failure to update credentials after patching could leave systems vulnerable despite the firmware fix.

In addition to patching and credential changes, affected organizations should conduct the following steps:

Review network inventories to identify any unpatched SonicWall firewalls and SSLVPN endpoints.
Monitor firewall logs for unusual authentication attempts or connection patterns indicative of exploitation.
Implement network segmentation to limit the potential for lateral movement originating from compromised edge devices.
Consult the official advisories published by SonicWall and the ACSC for detailed investigation and remediation guidance.
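The two checks below, an inventory triage and a log heuristic, are an added example and not code from SonicWall, the ACSC, or this article. The affected-version rule encodes only what the article states (Gen 5 and Gen 6 firewalls on any firmware, Gen 7 on SonicOS 7.0.1-5035 and earlier); the vendor advisory's per-model fixed builds are authoritative and are not reproduced here. The log layout (`timestamp source user FAIL|SUCCESS service`) is an assumed, simplified format with constructed sample lines, not SonicOS's real log schema, so map the field extraction to your own export before relying on it.

```python
"""Triage helpers for CVE-2024-40766 (SonicWall advisory SNWLID-2024-0015).

Added example, not vendor or ACSC code. The version rule follows this
article's text; the log format is an assumed simplified layout.
"""
import re
from collections import defaultdict

# Highest affected Gen 7 build as stated in the article (7.0.1-5035).
GEN7_LAST_AFFECTED = (7, 0, 1, 5035)


def parse_sonicos_version(version: str) -> tuple:
    """Turn '7.0.1-5035' into (7, 0, 1, 5035) so builds compare numerically."""
    m = re.fullmatch(r"(\d+)\.(\d+)\.(\d+)-(\d+)", version.strip())
    if not m:
        raise ValueError(f"unrecognised SonicOS version string: {version!r}")
    return tuple(int(x) for x in m.groups())


def is_affected(generation: int, version: str) -> bool:
    """True if a firewall falls inside the article's stated affected set."""
    if generation in (5, 6):
        return True  # article lists Gen 5 and Gen 6 without a version cut-off
    if generation == 7:
        return parse_sonicos_version(version) <= GEN7_LAST_AFFECTED
    return False


def triage_inventory(inventory: list) -> list:
    """Return the hostnames from an inventory that still need the patch.

    Each inventory entry is a dict with 'host', 'gen' and 'version' keys
    (assumed shape for this example).
    """
    return [d["host"] for d in inventory if is_affected(d["gen"], d["version"])]


# Constructed sample lines in the assumed "time src user result service" layout.
SAMPLE_AUTH_LOG = """\
2024-09-01T02:00:01 203.0.113.7 admin FAIL sslvpn
2024-09-01T02:00:03 203.0.113.7 admin FAIL sslvpn
2024-09-01T02:00:05 203.0.113.7 admin FAIL sslvpn
2024-09-01T02:00:09 203.0.113.7 admin SUCCESS sslvpn
2024-09-01T08:15:00 198.51.100.20 jsmith SUCCESS sslvpn
2024-09-01T08:16:10 198.51.100.20 jsmith FAIL mgmt
"""

LOG_RE = re.compile(r"^(\S+) (\S+) (\S+) (FAIL|SUCCESS) (\S+)$")


def failures_then_success(log_text: str, threshold: int = 3) -> dict:
    """Flag (source, service) pairs with >= threshold failures before a success.

    A run of failed logins followed by a success from the same source is a
    common sign of credential guessing or reuse of stolen credentials, which
    is why the advisory pairs the firmware fix with a password reset.
    """
    failures = defaultdict(int)
    flagged = {}
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines that do not fit the assumed layout
        _ts, src, user, result, service = m.groups()
        key = (src, service)
        if result == "FAIL":
            failures[key] += 1
        else:
            if failures[key] >= threshold:
                flagged[key] = {"user": user, "failures_before_success": failures[key]}
            failures[key] = 0  # a success ends the current failure run
    return flagged


if __name__ == "__main__":
    fleet = [
        {"host": "fw-branch-1", "gen": 7, "version": "7.0.1-5035"},
        {"host": "fw-branch-2", "gen": 7, "version": "7.1.1-7040"},
        {"host": "fw-legacy", "gen": 6, "version": "6.5.4.15-116n"},
    ]
    print("needs patch:", triage_inventory(fleet))
    print("suspicious auth:", failures_then_success(SAMPLE_AUTH_LOG))
```

The version comparison deliberately parses the build number rather than comparing strings, because `"7.0.1-5080" < "7.0.1-5035"` is false as a tuple but string ordering can mislead once the build number changes width. The log heuristic is only a starting point: extend the key with the username and add a time window once you are reading real exports.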

By taking these proactive measures, organizations can reduce the risk of unauthorized access, ransomware deployment, and operational disruption.

The ACSC emphasizes that immediate patching and credential updates are crucial to preventing further exploitation of this critical vulnerability.


AnuPriya
AnuPriya is a cybersecurity reporter at Cyber Press, specializing in cyber attacks, dark web monitoring, data breaches, vulnerabilities, and malware. She delivers in-depth analysis on emerging threats and digital security trends.
