CVE-2024-40766
CRITICAL | CISA KEV | 9.8
Description
An improper access control vulnerability has been identified in the SonicWall SonicOS management access, potentially leading to unauthorized resource access and in specific conditions, causing the firewall to crash. This issue affects SonicWall Firewall Gen 5 and Gen 6 devices, as well as Gen 7 devices running SonicOS 7.0.1-5035 and older versions.
CVE Details
CVSS v3.1 score: 9.8
Severity: CRITICAL
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack vector: NETWORK
Complexity: LOW
Privileges required: NONE
User interaction: NONE
Published: 8/23/2024
Last modified: 10/31/2025
Source: kev
Honeypot sightings: 0
CISA KEV
Vendor: SonicWall
Product: SonicOS
Vulnerability name: SonicWall SonicOS Improper Access Control Vulnerability
KEV date added: 2024-09-09
Remediation due date: 2024-09-30
Ransomware use: Known
Affected products
sonicwall:nsa_2650, sonicwall:nsa_2700, sonicwall:nsa_3600, sonicwall:nsa_3650, sonicwall:nsa_3700, sonicwall:nsa_4600, sonicwall:nsa_4650, sonicwall:nsa_4700, sonicwall:nsa_5600, sonicwall:nsa_5650, sonicwall:nsa_5700, sonicwall:nsa_6600, sonicwall:nsa_6650, sonicwall:nsa_6700, sonicwall:nssp_10700, sonicwall:nssp_11700, sonicwall:nssp_12400, sonicwall:nssp_12800, sonicwall:nssp_13700, sonicwall:sm9800, sonicwall:sm_9200, sonicwall:sm_9250, sonicwall:sm_9400, sonicwall:sm_9450, sonicwall:sm_9600, sonicwall:sm_9650, sonicwall:soho, sonicwall:soho_250, sonicwall:soho_250w, sonicwall:sohow, sonicwall:sonicos, sonicwall:tz270, sonicwall:tz270w, sonicwall:tz370, sonicwall:tz370w, sonicwall:tz470, sonicwall:tz470w, sonicwall:tz570, sonicwall:tz570p, sonicwall:tz570w, sonicwall:tz670, sonicwall:tz_300, sonicwall:tz_300p, sonicwall:tz_300w, sonicwall:tz_350, sonicwall:tz_350w, sonicwall:tz_400, sonicwall:tz_400w, sonicwall:tz_500, sonicwall:tz_500w, sonicwall:tz_600, sonicwall:tz_600p
Weaknesses (CWE)
CWE-284
References
https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2024-0015 (PSIRT@sonicwall.com)
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-40766 (134c704f-9b21-4f2e-91b3-4a467353bcc0)
IOC correlations
No correlations recorded
This product uses data from the NVD API but is not endorsed or certified by the NVD.