Isc.Sans.Edu
CVE-2024-40766 Exploited by Ransomware Groups Targeting SonicWall Firewalls
Article Content
CVE-2024-40766 is an improper access control vulnerability in SonicWall SonicOS affecting Gen 5, Gen 6, and Gen 7 firewalls. The vulnerability, with a CVSS score of 9.3, allows unauthorized access and can crash the device. SonicWall serves approximately 500,000 businesses, many of which lack dedicated security teams. Ransomware groups Akira and Fog have exploited this vulnerability since September 2024, with significant compromises reported. By December 2024, nearly 49,000 devices were still publicly exposed and unpatched. Dwell times for attacks have been alarmingly short, with encryption occurring in under four hours in many cases. SonicWall's MySonicWall platform was also breached, exposing configuration backups and encrypted credentials. The exploitation has escalated in 2026, with ongoing attacks reported.
Key Points:
• CVE-2024-40766 affects SonicWall firewalls, allowing unauthorized access and potential crashes.
• Over 48,000 devices remain unpatched, making them prime targets for ransomware groups.
• The MySonicWall breach has compromised configuration backups, increasing vulnerability.