PT-2024-5748 · Sonicwall · Sonicos

Published 2024-08-22 · Updated 2025-12-05 · CVE-2024-40766

CVSS v3.1: 9.8
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

SonicWall SonicOS versions prior to 7.0.1-5035
SonicWall Gen 5 and Gen 6 devices
SonicWall Gen 7 devices versions prior to 7.0.1-5035

Description

SonicWall SonicOS contains an improper access control vulnerability that could allow an attacker to gain unauthorized access to resources and potentially crash the firewall. This vulnerability is actively being exploited by the Akira ransomware group, who are leveraging it to gain access to SSLVPN user accounts. Attackers are exploiting CVE-2024-40766, and in some cases, are bypassing multi-factor authentication (MFA) by using stolen credentials or exploiting misconfigurations. Approximately 48,933 SonicWall devices remain vulnerable. The Akira ransomware group has been observed exploiting this vulnerability since July 2025, with attacks targeting various sectors. The vulnerability allows attackers to gain rapid access to networks, with some intrusions occurring in under an hour. Exploitation methods include credential theft, the use of tools like Impacket, and the exploitation of default configurations.

Recommendations

Update SonicWall devices to firmware version 7.3.0 or higher.
Reset all local user account passwords for any accounts with SSLVPN access.
Enable Botnet Protection and Geo-IP Filtering.
Remove unused or inactive user accounts.
Enforce MFA and strong password policies.
Disable SNMP traps before upgrading to version 7.3.0.
Restrict access to the Virtual Office Portal to the internal network.
Review and audit all local accounts.
Monitor for suspicious activity.

Fix

Improper Access Control

Weakness Enumeration

Related Identifiers

BDU:2024-06461
CVE-2024-40766

Affected Products

Sonicos