A critical vulnerability in SonicWall SonicOS, tracked as CVE-2024-40766, is actively being exploited by ransomware groups, including Akira and Fog. This flaw, which has a CVSS score of 9.8, was added to CISA's Known Exploited Vulnerabilities (KEV) catalog on September 9, 2024, highlighting its significant threat to organizations using SonicWall's firewall products.
The vulnerability stems from improper access control in the management access of SonicWall SonicOS, affecting Gen 5, Gen 6, and Gen 7 firewall devices. Exploitation of this flaw can lead to unauthorized access to resources and, under certain conditions, cause the firewall to crash. The exploitation of this vulnerability in the wild was confirmed within just 16.7 days of its disclosure on August 23, 2024, underscoring the urgency for organizations to address this security gap.
Ransomware groups such as 0apt, Akira, Ransomhub, and Sinobi have been identified as leveraging this vulnerability to gain unauthorized access to networks, potentially leading to data breaches and operational disruptions. The exploitation of CVE-2024-40766 is particularly concerning given its potential to facilitate further attacks once initial access is gained.
Organizations using affected SonicWall devices are urged to apply available patches immediately to mitigate the risk of exploitation. The Security Signal Vulnerability Classification (SSVC) advises immediate action, reflecting the critical nature of this vulnerability. As ransomware attacks continue to evolve, maintaining up-to-date security measures and monitoring for unusual activity remain crucial defenses against such threats.
CSURFACE