Demo of the CyCognito Platform

See the CyCognito platform in action to understand how it can help you identify, prioritize and eliminate your most critical risks. 

State of External Exposure Management, Summer 2024 Edition

Download the report now to stay ahead of emerging threats and strengthen your organization’s security posture for 2024. 

The Total Economic Impact™ of The CyCognito Platform

Read The Total Economic Impact™ of The CyCognito Platform — a Forrester study. Cost Savings And Business Benefits Enabled By The CyCognito Platform. 

 
Research

Emerging Security Issue: SonicWall SSLVPN (CVE-2024-40766)

Emma-Zaballos
By Emma Zaballos
Product Marketing Manager
September 10, 2024

What is CVE-2024-40766? 

CVE-2024-40766 is a critical (CVSS v3 score: 9.3) access control flaw. Its primary danger comes from the potential for providing unauthorized network access, both allowing attackers unfettered access to critical resources and, in some cases, giving attackers the ability to crash the firewall. 

What Assets are Affected by this Vulnerability? 

CVE-2024-40766 affects SonicWall devices using a vulnerable SonicOS firmware version, specifically SonicWall Firewall Gen 5, Gen 6, and Gen 7 devices. 

Is a Fix Available? 

SonicWall has released a list of impacted products and versions alongside releases for CVE-2024-40766: 

  • SonicWall Gen 5 running SonicOS version 5.9.2.14-12o and older – fixed in SonicOS version 5.9.2.14-13o
  • SonicWall Gen 6 running SonicOS version 6.5.4.14-109n and older – fixed in 6.5.2.8-2n (for SM9800, NSsp 12400, NSsp 12800) and version 6.5.4.15-116n (for other Gen 6 Firewalls)
  • SonicWall Gen 7 running SonicOS version 7.0.1-5035 and older – not reproducible in 7.0.1-5035 and later, but SonicWall recommends installing the latest firmware version

Are There Any Other Recommended Actions to Take? 

SonicWall has released several suggested mitigations in addition to the fixes above. 

  1. Limit firewall management to trusted sources and disable internet access to the WAN management portal if possible.
  2. Restrict SSLVPN access to trusted sources only and disable it entirely if not needed.
  3. For Gen 5 and Gen 6 devices, SSLVPN users with local accounts should update their passwords immediately and administrators should enable the “User must change password” option for local users.
  4. Enable multi-factor authentication (MFA) for all SSLVPN users using TOTP or email-based one-time passwords (OTPs). 

For additional information on configuring MFA, check out SonicWall’s Knowledge Base here. 

Is CVE-2024-40766 Being Actively Exploited? 

While SonicWall originally indicated that there was no active exploitation of this vulnerability when it was publicly reported on August 22nd, 2024, that didn’t last long. By September 6th, 2024, SonicWall updated its security advisory to include that the issue was potentially being exploited in the wild. 

The same day, security researchers at Arctic Wolf reported that threat actors, specifically the Akira ransomware affiliates, have begun actively exploiting this vulnerability to deliver ransomware. Specifically, attackers were observed using compromised SSLVPN user accounts on SonicWall devices as the initial access vectors for ransomware, taking advantage of accounts that were not integrated in a centralized authentication solution and lacked MFA. 

How is CyCognito Helping Customers Identify Assets Vulnerable to CVE-2024-40766? 

CyCognito discovery and testing engines detect all assets running SonicWall SonicOS products and leverage multiple tests to services of the vulnerable product and versions.

Figure 1: The alert sent by CyCognito for CVE-2024-40766

All customers have access to an in-platform emerging security issue announcement as of September 10th, 2024. The CyCognito platform uses both passive scanning and active testing techniques to identify vulnerable assets.  

How Can CyCognito Help Your Organization? 

CyCognito is an exposure management platform that reduces risk by discovering, testing and prioritizing security issues. The platform scans billions of websites, cloud applications and APIs and uses advanced AI to identify the most critical risks and guide remediation. Emerging companies, government agencies and Fortune 500 organizations rely on CyCognito to secure and protect from growing threats. Want to see how it works? Check out our website and explore our platform with a self-guided, interactive dashboard product tour. To learn how CyCognito can help you understand your external attack surface and exposed risks, please visit our Contact Us page to schedule a demo.


Topics



Search the Blog



Recent Posts




Tim Matthews
How to Budget for EASM
By Tim Matthews
November 18, 2024




Top Tags



CyCognito Research Report

State of External Exposure Management, Summer 2024 Edition

State of External Exposure Management, Summer 2024 Edition

Download the report now to stay ahead of emerging threats and strengthen your organization’s security posture for 2024.

O'Reilly Report

Moving from Vulnerability Management to Exposure Management

Moving from Vulnerability Management to Exposure Management

Download the report to learn about the historical trends behind the emergence of exposure management, how to develop a strategic plan and assemble a team to smoothly transition frameworks, and example tech stacks to consider for your organization.

Request a Free Scan

See Exactly What Attackers See

Get a Free Scan of Your Attack Surface

Get a free scan of your attack surface and gain valuable insight into your organization's risk posture by allowing CyCognito to discover, contextualize, and test externally exposed assets on a portion of your parent company or a single subsidiary.