PT-2024-5748 · Sonicwall · Sonicos

Published 2024-08-22 · Updated 2025-11-14 · CVE-2024-40766

CVSS v3.1: 9.8
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

SonicWall SonicOS versions prior to 7.0.1-5035
SonicWall SonicOS versions 5.9.2.14-120 and 6.5.4.14-109n

Description

An improper access control vulnerability exists in SonicWall SonicOS, potentially allowing unauthorized resource access and, in some cases, causing the firewall to crash. This vulnerability, tracked as CVE-2024-40766, is actively being exploited by ransomware groups, including Akira and Fog. Attackers are leveraging this flaw to gain access to systems, steal data, and deploy ransomware. The Akira ransomware group has been observed exploiting this vulnerability since late July 2025, with some attacks completing key actions within an hour. The vulnerability is often exploited through misconfigured systems or unchanged credentials following migrations from older SonicWall versions. Approximately 48,000 devices remain vulnerable.

Recommendations

Update SonicWall SonicOS to version 7.0.1-5035 or later.
Update SonicWall SonicOS to version 5.9.2.14-130 or later.
Update SonicWall SonicOS to version 6.5.4.15.116n or later.
Reset all local user account passwords for any accounts with SSLVPN access, especially if they were carried over during migration from Gen 6 to Gen 7.
Enable Botnet Protection and Geo-IP Filtering.
Remove unused or inactive user accounts.
Enforce MFA and strong password policies.
Restrict Virtual Office Portal access to the internal network.

Fix

Improper Access Control

Weakness Enumeration

Related Identifiers

BDU:2024-06461
CVE-2024-40766

Affected Products

Sonicos