CISA Known Exploited Vulnerability

CVE-2024-40766 Ransomware

SonicWall · SonicOS

SonicWall SonicOS Improper Access Control Vulnerability

Date added 2024-09-09

BOD 22-01 due date 2024-09-30

CWE CWE-284

Ransomware Known

CISA description

SonicWall SonicOS contains an improper access control vulnerability that could lead to unauthorized resource access and, under certain conditions, may cause the firewall to crash.

Required action

Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Notes & references

https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2024-0015
https://www.sonicwall.com/support/notices/gen-7-and-newer-sonicwall-firewalls-sslvpn-recent-threat-activity/kA1VN0000000RDG0A2
https://nvd.nist.gov/vuln/detail/CVE-2024-40766

Where this lands in 800-53

Vulnerability data triggers these controls during assessment and continuous monitoring.

RA-5 · Vulnerability Monitoring and Scanning
SI-2 · Flaw Remediation
CM-6 · Configuration Settings
SI-7 · Software, Firmware, and Information Integrity
CM-8 · System Component Inventory

External lookups

NVD · CVE-2024-40766
CVE.org · CVE-2024-40766
CISA KEV catalog (canonical)